CNNVD-202512-689 Information
CNNVD ID
CNNVD-202512-689
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server存在安全漏洞,该漏洞源于Windows平台上AllowEncodedSlashes On和MergeSlashes Off配置下的SSRF漏洞,可能导致NTLM哈希泄露。
Description (English)
Apache HTTP Server is an open-source web server of the Apache Foundation in the United States. The server has a fast, reliable character and can be expanded through a simple API. There is a security loophole in Apache HTTP Server, which stems from the SSRF loophole in the Allow Encoded Slashes On and MergeSlashes Off configurations on the Windows platform, which could lead to NTLM Hashi leaking.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
阿帕奇
Published
2025-12-05
Last Modified
2026-02-24
References
http://www.openwall.com/lists/oss-security/2025/12/04/6 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59775 https://vigilance.fr/vulnerability/Apache-
Patch
https://httpd.apache.org/download.cgi
Share on: