What is CVE-2024-38472?

A high-severity SSRF vulnerability in Apache HTTP Server on Windows could allow attackers to leak NTLM hashes to malicious servers. Organizations must upgrade to version 2.4.60 immediately to mitigate this risk.

What is the severity of CVE-2024-38472?

CVE-2024-38472 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2024-38472 | High Vulnerability in Apache HTTP Server

CVE-2024-38472 is a high-severity vulnerability classified as a Server-Side Request Forgery (SSRF) affecting the Apache HTTP Server on Windows. This vulnerability allows attackers to potentially leak NTLM hashes to a malicious server through specially crafted requests. The CVSS score for this vulnerability is 7.5, indicating a significant risk to affected systems. Organizations using vulnerable versions of Apache HTTP Server must prioritize remediation efforts.

The vulnerability is particularly concerning due to its potential impact on confidentiality, with a high confidentiality impact score. Attackers may leverage this weakness to gain unauthorized access to sensitive information, exposing organizations to data breaches and compliance violations. As of now, exploit availability has been confirmed, which increases the urgency of addressing this vulnerability.

Organizations should prioritize patching immediately. Upgrading to version 2.4.60 of the Apache HTTP Server will mitigate this issue. However, existing configurations that access UNC paths will require a new directive named "UNCList" to allow access during request processing.

Failure to address this vulnerability could lead to severe repercussions, including unauthorized access to sensitive data and potential exploitation of the affected systems by malicious actors.

Vulnerability Details

The official description of CVE-2024-38472 states that it allows an attacker to leak NTLM hashes to a malicious server via SSRF and malicious requests or content. The vulnerability is present in Apache HTTP Server versions prior to 2.4.60.

The CVSS score of 7.5 indicates a high severity level, primarily due to its high confidentiality impact. The attack vector is network-based, with low complexity and no privileges required for exploitation.

The vulnerability was published on July 1, 2024, and is classified under CWE-918, which pertains to Server-Side Request Forgery vulnerabilities.

Technical Analysis

The root cause of this vulnerability lies in the improper validation of requests that access internal resources via UNC paths. This oversight can be exploited by attackers to send crafted requests that may leak sensitive information, such as NTLM hashes, to external servers.

The attack vector is network-based, meaning attackers do not need physical access to the machines. The complexity of the attack is low, as no special privileges or user interaction are required to exploit this vulnerability. The confidentiality impact is high, as sensitive data can be exposed, while integrity and availability impacts remain unaffected.

Risk & Impact Analysis

Risk to organizations includes potential data breaches and unauthorized access to sensitive information. The blast radius can be significant, especially for organizations that rely on the Apache HTTP Server for critical applications.

Given the exploitability of this vulnerability and its critical nature, organizations should address it urgently. The high exploitability score indicates a real and immediate risk of attack.

Signal	Status
Known Exploit	Yes
Public PoC	Yes
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected products include Apache HTTP Server versions prior to 2.4.60 and NetApp ONTAP version 9. Users should upgrade to the latest versions to mitigate this vulnerability.

Mitigation & Remediation

To remediate this vulnerability, organizations must upgrade to Apache HTTP Server version 2.4.60. Additionally, existing configurations that access UNC paths must be updated to include the new directive "UNCList" to allow access during request processing.

For further guidance on securing your systems, organizations can refer to our application security assessment services.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unexpected requests to internal resources and anomalies in request patterns that could indicate SSRF attempts.

AppSecure Threat Intelligence Insight

CVE-2024-38472 represents a notable trend in vulnerabilities associated with SSRF. As such, security teams should focus on improving input validation and request handling in their applications.

For organizations looking to enhance their security posture, implementing robust security testing methods, including penetration testing, is recommended.

Furthermore, organizations should consider leveraging continuous security assessments to proactively identify and remediate vulnerabilities in their systems.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-38472: High Vulnerability in Apache HTTP Server