CVE-2024-38472

HIGH NUCLEI

Apache HTTP Server 2.4.0-2.4.59 - Server-Side Request Forgery via UNC Path Handling

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-38472. PoCs published by mrmtwoj, Abdurahmon3236. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a Python script that scans for multiple Apache HTTP Server vulnerabilities by sending crafted HTTP requests to detect potential misconfigurations or weaknesses. It does not include exploit code for achieving RCE or other offensive actions, only detection logic.

Description

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

Exploits (2)

nomisec SCANNER 123 stars

by mrmtwoj · poc

https://github.com/mrmtwoj/apache-vulnerability-testing

View Code ZIP pw:eip

This repository contains a Python script that scans for multiple Apache HTTP Server vulnerabilities by sending crafted HTTP requests to detect potential misconfigurations or weaknesses. It does not include exploit code for achieving RCE or other offensive actions, only detection logic.

Classification

Scanner 90%

Attack Type

Ssrf | Dos | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: Apache HTTP Server (various versions)

No auth needed

Prerequisites: Python 3.x · requests library · network access to target

MITRE ATT&CK

T1189 - Drive-by Compromise T1082 - System Information Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 4 stars

by Abdurahmon3236 · poc

https://github.com/Abdurahmon3236/CVE-2024-38472

View Code ZIP pw:eip

The repository contains a functional Metasploit module for CVE-2024-38472, which exploits an SSRF vulnerability in Apache HTTP Server on Windows to achieve RCE by interacting with internal services. The module includes a check method to verify the target and an exploit method to send a crafted SSRF request.

Classification

Working Poc 90%

Attack Type

Ssrf

Complexity

Moderate

Reliability

Theoretical

Target: Apache HTTP Server on Windows

No auth needed

Prerequisites: Access to a vulnerable Apache HTTP Server on Windows · Internal service vulnerable to RCE

MITRE ATT&CK

T1189 - Drive-by Compromise T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Apache HTTPd Windows UNC - Server-Side Request Forgery

HIGHby pdteam

References (3)

Core 3

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2024/07/01/5

Third Party Advisory

https://security.netapp.com/advisory/ntap-20240712-0001/

Vendor Advisory vendor-advisory

https://httpd.apache.org/security/vulnerabilities_24.html

Scores

CVSS v3 7.5

EPSS 0.6795

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-918

Status published

Products (2)

apache/http_server 2.4.0 - 2.4.60

netapp/ontap 9

Published Jul 01, 2024

Tracked Since Feb 18, 2026