SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2024:6928 https://access.redhat.com/errata/RHSA-2024:6928