Apache HTTP Server on WIndows UNC SSRF

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

N/A

服务端请求伪造(SSRF)

Apache HTTP Server 安全漏洞

Apache HTTP Server是美国阿帕奇（Apache）基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.4.59及之前版本存在安全漏洞，该漏洞源于存在服务端请求伪造漏洞(SSRF)，允许攻击者通过恶意请求或内容泄露NTML哈希值。

N/A

N/A