CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-40898

Critical Severity
Apache
SVRS
73/100
CVSSv3
7.5/10
EPSS
0.00059/1

CVE-2024-40898 is a Server-Side Request Forgery (SSRF) vulnerability in the Apache HTTP Server. Specifically, this affects Windows systems utilizing mod_rewrite within the server/vhost context, potentially exposing sensitive NTML hashes. Although the CVSS score is 7.5, SOCRadar's Vulnerability Risk Score (SVRS) is 73, indicating a substantial risk. While not critical (above 80), the SVRS suggests this vulnerability should be addressed promptly. Successful exploitation could lead to credential theft and further unauthorized access. Users should upgrade to Apache HTTP Server version 2.4.62 to mitigate this SSRF vulnerability and prevent the leakage of NTLM hashes. This vulnerability highlights the importance of regularly updating software to patch security flaws.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:H
I:N
A:N
PUBLICATION DATE2024-07-18
LAST MODIFIED2024-08-08
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-40898 is a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with mod_rewrite in the server/vhost context. This vulnerability allows an attacker to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. The CVSS score of 7.5 indicates a high severity, while the SOCRadar Vulnerability Risk Score (SVRS) of 74 signifies a critical vulnerability requiring immediate action.

Key Insights

  • Active Exploitation: This vulnerability is actively exploited in the wild, posing an immediate threat to organizations.
  • NTLM Hash Leakage: The vulnerability allows attackers to leak NTML hashes, which can be used to compromise Active Directory accounts and gain access to sensitive data.
  • Windows-Specific: This vulnerability only affects Apache HTTP Server on Windows systems, making it a targeted attack vector for attackers.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about this vulnerability, urging organizations to take immediate action.

Mitigation Strategies

  • Upgrade Apache HTTP Server: Upgrade to Apache HTTP Server version 2.4.62 or later, which fixes this vulnerability.
  • Disable mod_rewrite: If upgrading is not immediately possible, disable mod_rewrite in the server/vhost context to mitigate the vulnerability.
  • Implement Web Application Firewall (WAF): Deploy a WAF to block malicious requests and prevent exploitation of this vulnerability.
  • Monitor for Suspicious Activity: Monitor logs and network traffic for any suspicious activity that may indicate exploitation attempts.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-40898 | Apache HTTP Server up to 2.4.61 on Windows mod_rewrite server-side request forgery (Nessus ID 210450)
vuldb.com2024-11-07
CVE-2024-40898 | Apache HTTP Server up to 2.4.61 on Windows mod_rewrite server-side request forgery (Nessus ID 210450) | A vulnerability classified as critical has been found in Apache HTTP Server up to 2.4.61 on Windows. Affected is an unknown function of the component mod_rewrite. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2024-40898. It
vuldb.com
rss
forum
news
2024-073: Apache HTTP Server Critical Vulnerabilities
2024-07-24
2024-073: Apache HTTP Server Critical Vulnerabilities | On July 23, 2024, Apache issued an advisory about two critical vulnerabilities in its HTTP Server, CVE-2024-40725 and CVE-2024-40898. These vulnerabilities can lead to HTTP request smuggling and SSL client authentication bypass, potentially resulting in unauthorised access and other malicious activities. It is recommended to update affected systems immediately.
sandworm
europa.eu
rss
forum
Critical Apache HTTP Server Vulnerabilities Expose Millions of Websites to Cyber Attack
Dhivya2024-07-18
Critical Apache HTTP Server Vulnerabilities Expose Millions of Websites to Cyber Attack | The Apache Software Foundation has disclosed several critical vulnerabilities in the Apache HTTP Server, which could potentially expose millions of websites to cyber-attacks. These vulnerabilities, identified by their Common Vulnerabilities and Exposures (CVE) numbers, affect various versions of the Apache HTTP Server and could lead to severe consequences such as source code disclosure, server-side request […] The post Critical Apache HTTP Server Vulnerabilities Expose Millions of Websites to
cybersecuritynews.com
rss
forum
news
CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
2024-07-17
CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows | Posted by Eric Covener on Jul 17Severity: important Affected versions: - Apache HTTP Server 2.4.0 through 2.4.61 Description: SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.
seclists.org
rss
forum
news
CVE-2024-40898 | Apache HTTP Server up to 2.4.61 on Windows mod_rewrite server-side request forgery
vuldb.com2024-07-17
CVE-2024-40898 | Apache HTTP Server up to 2.4.61 on Windows mod_rewrite server-side request forgery | A vulnerability classified as critical has been found in Apache HTTP Server up to 2.4.61 on Windows. Affected is an unknown function of the component mod_rewrite. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2024-40898. It is possible to
vuldb.com
rss
forum
news

Social Media

Software Update: NoMachine releases new packages for version 8 to update the built-in web server, nxhtd, to Apache version 2.4.62, released by Apache to fix the following CVEs CVE-2024-40898, CVE-2024-40725. https://t.co/y7OXwkMlQo https://t.co/u6fRFP5you
0
0
0
Two critical vulnerabilities in Apache HTTP Server (CVE-2024-40725 & CVE-2024-40898) could allow attackers to smuggle requests or bypass SSL client auth, leading to unauthorized access. Upgrade to version 2.4.62+ and review SSL configs ASAP! #ApacheHTTPServer #CVE
0
0
0
IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server (CVE-2024-40898, CVE-2024-40725) https://t.co/vPaiTUhpsU
0
0
0
CVE-2024-40725, CVE-2024-40898: vulnerability found in Apache HTTP Server versions 2.4.0 to 2.4.61. PoC https://t.co/12KmzzgdOf https://t.co/HdTy15mplL
0
0
6
CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk https://t.co/ykNRxuWgXW
0
0
0
CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk - https://t.co/3vdlo4Amzp
0
0
0
CVE-2024-40898 SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious re… https://t.co/iztDfkv5md
0
0
0
CVE-2024-40725 and CVE-2024-40898 are vulnerabilities found in the Apache HTTP Server that could potentially endanger millions of websites. Details: https://t.co/crzHIu9EN7 #cybersecurity #infosec #infosecurity
0
0
0
CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk https://t.co/LSL2EkGtPp
0
3
7
⚠️⚠️ CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk Affecting versions 2.4.0 through 2.4.61. 🎯295m+ Results are found on the https://t.co/pb16tGYaKe nearly year. FOFA Link🔗:https://t.co/YLJ4HlX6ZK FOFA Query: https://t.co/sPUhq2AdeQ
0
2
7

Affected Software

Configuration 1
TypeVendorProduct
AppApachehttp_server

References

ReferenceLink
[email protected]https://httpd.apache.org/security/vulnerabilities_24.html

CWE Details

CWE IDCWE NameDescription
CWE-918Server-Side Request Forgery (SSRF)The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence