Cyber Resilience

CVE-2024-38472

Severity: High
Published: 01 July 2024
Modified: 01 July 2025
KEV Added: not listed
Patch: available
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.9067 (99.6th percentile)
Risk Priority: 69 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-38472 is a high-severity SSRF (CWE-918) vulnerability in Apache HTTP Server. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 0.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-38472 is a server-side request forgery vulnerability in Apache HTTP Server on Windows that can be triggered through malicious requests or content. The flaw, assigned CWE-918, affects the server's handling of UNC paths and allows an attacker-controlled destination to receive NTLM authentication material. It is rated 7.5 under CVSS 3.1 with a vector of AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The issue is resolved in version 2.4.60.

An unauthenticated remote attacker can supply crafted input that causes the server to initiate an outbound request to an attacker-controlled system. When the server attempts to access a UNC path during request processing, the resulting NTLM hash material can be captured by the malicious endpoint, resulting in disclosure of sensitive Windows credentials without any user interaction.

Advisories from the Apache project and NetApp recommend upgrading to 2.4.60. Administrators whose configurations rely on UNC paths must also define the new "UNCList" directive to explicitly permit the required access after the upgrade; otherwise such paths will be blocked.

The EPSS score has remained near its observed peak of 0.9167 with a current value of 0.9067.

Vulnerability details

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

CWE(s): CWE-918 (Server-Side Request Forgery)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: Apache; Product: HTTP Server; Versions: 2.4.0 — 2.4.60
Vendor: NetApp; Product: ONTAP; Versions: 9

Mitigating Controls

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-918: Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.
- Addresses CWE-918: Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.
- Addresses CWE-918: Validates server-side URLs and resource references to block SSRF attempts.
- Addresses CWE-918: Detects server-side request forgery through monitoring of unexpected outbound connections.