cve/2024/CVE-2024-40898.md

### [CVE-2024-40898](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40898)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%3D%202.4.61%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)

### Description

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.Users are recommended to upgrade to version 2.4.62 which fixes this issue. 

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0xMarcio/cve
- https://github.com/Andromeda254/cve
- https://github.com/ForceEA001/CVE-2024-40898-SSL-Bypass-Detection
- https://github.com/NeoOniX/5ATTACK
- https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898
- https://github.com/anilpatel199n/CVE-2024-40898
- https://github.com/dusbot/cpe2cve
- https://github.com/jeanrafaellourenco/shodan-host-recon
- https://github.com/krlabs/apache-vulnerabilities
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/pedr0alencar/vlab-metasploitable2
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/rajeshwarideoraj/Vulnerability_Data_Extraction_and_Analysis
- https://github.com/soltanali0/CVE-2024-40725
- https://github.com/tanjiti/sec_profile
- https://github.com/zulloper/cve-poc