vulnerability
Alpine Linux: CVE-2024-38472: Server-Side Request Forgery (SSRF)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Jul 1, 2024 | Aug 22, 2024 | Dec 5, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Jul 1, 2024
Added
Aug 22, 2024
Modified
Dec 5, 2025
Description
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content
Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
Solution
alpine-linux-upgrade-apache2
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.