Security Advisory

CVE-2025-59775

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-05 10:17:03

Last updated 2025-12-05 19:28:44

Assigner apache

State PUBLISHED

Description

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

← Browse all CVEs View on cve.org ↗