Apache HTTP Server
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*
- >= 2.4.0, <= 2.4.63
A server-side request forgery (SSRF) vulnerability has been identified in Apache HTTP Server on Windows that can leak NTLM hashes to a malicious server. It affects versions 2.4.0 through 2.4.63 and is reached through mod_rewrite rules or Apache expressions that pass unvalidated request input into a path the server then opens. Because opening a UNC path makes the server authenticate to the named host over SMB, attacker-influenced input that resolves to a UNC path is what exposes the hashes, and the server itself offers only limited protection against configurations that direct it to open UNC paths. Windows servers should therefore limit which hosts they will connect to over SMB, given how NTLM authentication works.
Exploitation of this vulnerability could lead to unauthorized access to NTLM hashes, which could be used to authenticate as a user or potentially gain access to resources protected by NTLM authentication.
Users are advised to upgrade to Apache HTTP Server version 2.4.64, which addresses this vulnerability. After upgrading, review and adjust any configurations that access UNC paths to ensure they comply with the new version's requirements.