{"vulnerability": "CVE-2024-40898", "sightings": [{"uuid": "66881bd5-394e-442a-96bd-45992adb9dfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8023", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aWhy GNU IFUNC is the real culprit behind CVE-2024-3094\nURL\uff1ahttps://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-07-19T03:58:31.000000Z"}, {"uuid": "f3230fdc-b108-43d9-99b7-332c1ce410bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "Telegram/YEiFamPdgcqsNBKcTHrz6s6bZPTIwshB08cHvtzul5ZyUxA", "content": "", "creation_timestamp": "2025-06-30T21:00:03.000000Z"}, {"uuid": "be24b028-36d0-467a-8bdf-36b54e69261e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "Telegram/G1YIpqTouZZ7RGRq-g0EK5R-A4RVmquYDNGd4eb7udpn90Y", "content": "", "creation_timestamp": "2025-06-14T15:00:07.000000Z"}, {"uuid": "de2d8633-ab8d-4480-92de-8cfef0707856", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "https://t.me/TheMalware_Team/3786", "content": "#exploit\n1. CVE-2024-34065:\nStrapi Open Redirect\nhttps://blog.quarkslab.com/looking-for-vulnerabilities-in-strapi-cve-2024-34065.html\n\n2. CVE-2024-40725,\nCVE-2024-40898:\nApache HTTP Server SSRF\nhttps://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898", "creation_timestamp": "2024-07-24T22:29:42.000000Z"}, {"uuid": "bce0a9f4-ab48-4b04-af2e-22157787bc3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "seen", "source": "https://t.me/cvedetector/1148", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-40898 - Apache HTTP Server mod_rewrite SSRF NTML Hash Leak on Windows\", \n  \"Content\": \"CVE ID : CVE-2024-40898 \nPublished : July 18, 2024, 10:15 a.m. | 44\u00a0minutes ago \nDescription : SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.  \n  \nUsers are recommended to upgrade to version 2.4.62 which fixes this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-18T13:27:11.000000Z"}, {"uuid": "0fe7ee46-54b7-43ab-a38a-2add0b24d623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/556", "content": "#exploit\n1. CVE-2024-34065:\nStrapi Open Redirect\nhttps://blog.quarkslab.com/looking-for-vulnerabilities-in-strapi-cve-2024-34065.html\n\n2. CVE-2024-40725,\nCVE-2024-40898:\nApache HTTP Server SSRF\nhttps://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898", "creation_timestamp": "2024-07-30T01:02:10.000000Z"}, {"uuid": "5b496c8b-455e-4693-9998-97c70fba657b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/458", "content": "Tools - Hackers Factory \n\nSimple tool for searching and collect information written in Python 3\n\nhttps://github.com/YouVBeenHacked/gideon/tree/09c3e17864a5d6ceead8558f119560c4861d7a6f\n\nlawndoc/Respotter: Respotter is a Responder honeypot! Catch attackers and red teams as soon as they spin up Responder in your environment.\n\nhttps://github.com/lawndoc/Respotter\n\na13xp0p0v/kernel-hardening-checker: A tool for checking the security hardening options of the Linux kernel\n\nhttps://github.com/a13xp0p0v/kernel-hardening-checker\n\nELMERIKH/TelecordC2: Advanced Telegram x Discord C2, great for data Exfitration and Network evasion\n\nhttps://github.com/ELMERIKH/TelecordC2\n\nA chrome/Firefox extension to retrieve and load react javascript chunks all at once for a wide range of javascript techs\n\nhttps://github.com/ElSicarius/chunkloader\n\nToutatis\n\nhttps://github.com/megadose/toutatis - a tool for collecting info about an Instagram user (that include part of phone number and email).\n\nCVE-2024-40725 and CVE-2024-40898\n\nhttps://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898\n\nMass Exploit - CVE-2024-29824 - Ivanti EPM - Remote Code Execution (RCE)\n\nhttps://github.com/codeb0ss/CVE-2024-29824-PoC\n\nFile-Tunnel : Tunnel TCP connections through a file.\n\nhttps://github.com/fiddyschmitt/File-Tunnel\n\nhttps://t.me/CyberDilara\n#CyberDilara", "creation_timestamp": "2024-07-23T04:43:45.000000Z"}, {"uuid": "fe8c5304-6d5a-4b84-9c19-2340c227fb7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "seen", "source": "Telegram/Hf_SunJuoYNf_bsQCJ20cuXyI7bzH8EMEXzusn30k3vpXeQ", "content": "", "creation_timestamp": "2024-10-15T10:14:15.000000Z"}, {"uuid": "381a7d3e-09f2-495f-91d8-7f90c8c7388c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/6874", "content": "CVE-2024\u201340725 and CVE-2024\u201340898: Critical Vulnerabilities in Apache HTTP Server: https://infosecwriteups.com/cve-2024-40725-and-cve-2024-40898-critical-vulnerabilities-in-apache-http-server-d292084255dc?source=rss------bug_bounty-5", "creation_timestamp": "2024-07-22T04:06:24.000000Z"}, {"uuid": "b61353d2-62b2-4a89-9931-1e0c1ca37754", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "seen", "source": "https://t.me/HackingInsights/6516", "content": "\u200aCVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk\n\nhttps://securityonline.info/cve-2024-40725-cve-2024-40898-apache-http-server-flaws-put-millions-of-websites-at-risk/", "creation_timestamp": "2024-07-18T10:13:30.000000Z"}, {"uuid": "a59d2bbe-19f2-4152-9215-ccc0e56162e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8306", "content": "Tools - Hackers Factory \n\nSimple tool for searching and collect information written in Python 3\n\nhttps://github.com/YouVBeenHacked/gideon/tree/09c3e17864a5d6ceead8558f119560c4861d7a6f\n\nlawndoc/Respotter: Respotter is a Responder honeypot! Catch attackers and red teams as soon as they spin up Responder in your environment.\n\nhttps://github.com/lawndoc/Respotter\n\na13xp0p0v/kernel-hardening-checker: A tool for checking the security hardening options of the Linux kernel\n\nhttps://github.com/a13xp0p0v/kernel-hardening-checker\n\nELMERIKH/TelecordC2: Advanced Telegram x Discord C2, great for data Exfitration and Network evasion\n\nhttps://github.com/ELMERIKH/TelecordC2\n\nA chrome/Firefox extension to retrieve and load react javascript chunks all at once for a wide range of javascript techs\n\nhttps://github.com/ElSicarius/chunkloader\n\nToutatis\n\nhttps://github.com/megadose/toutatis - a tool for collecting info about an Instagram user (that include part of phone number and email).\n\nCVE-2024-40725 and CVE-2024-40898\n\nhttps://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898\n\nMass Exploit - CVE-2024-29824 - Ivanti EPM - Remote Code Execution (RCE)\n\nhttps://github.com/codeb0ss/CVE-2024-29824-PoC\n\nFile-Tunnel : Tunnel TCP connections through a file.\n\nhttps://github.com/fiddyschmitt/File-Tunnel\n\nhttps://t.me/CyberDilara\n#CyberDilara", "creation_timestamp": "2024-07-23T06:18:24.000000Z"}, {"uuid": "016b99ac-c5e7-4d91-a195-0ccde8280d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "seen", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/5115", "content": "tatacommunications-ts.com\n\nhttps://115.110.196.19\n\nCVE-2022-23943\nCVE-2023-25690\nCVE-2024-40898", "creation_timestamp": "2024-12-15T07:36:23.000000Z"}, {"uuid": "0bb49b8d-5383-4225-810e-ae59c1e8b406", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7003", "content": "Tools - Hackers Factory \n\nSimple tool for searching and collect information written in Python 3\n\nhttps://github.com/YouVBeenHacked/gideon/tree/09c3e17864a5d6ceead8558f119560c4861d7a6f\n\nlawndoc/Respotter: Respotter is a Responder honeypot! Catch attackers and red teams as soon as they spin up Responder in your environment.\n\nhttps://github.com/lawndoc/Respotter\n\na13xp0p0v/kernel-hardening-checker: A tool for checking the security hardening options of the Linux kernel\n\nhttps://github.com/a13xp0p0v/kernel-hardening-checker\n\nELMERIKH/TelecordC2: Advanced Telegram x Discord C2, great for data Exfitration and Network evasion\n\nhttps://github.com/ELMERIKH/TelecordC2\n\nA chrome/Firefox extension to retrieve and load react javascript chunks all at once for a wide range of javascript techs\n\nhttps://github.com/ElSicarius/chunkloader\n\nToutatis\n\nhttps://github.com/megadose/toutatis - a tool for collecting info about an Instagram user (that include part of phone number and email).\n\nCVE-2024-40725 and CVE-2024-40898\n\nhttps://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898\n\nMass Exploit - CVE-2024-29824 - Ivanti EPM - Remote Code Execution (RCE)\n\nhttps://github.com/codeb0ss/CVE-2024-29824-PoC\n\nFile-Tunnel : Tunnel TCP connections through a file.\n\nhttps://github.com/fiddyschmitt/File-Tunnel\n\nhttps://t.me/CyberDilara\n#CyberDilara", "creation_timestamp": "2024-07-23T06:18:24.000000Z"}, {"uuid": "7398ba7f-b3bd-46bf-9908-9d422dda462d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3474", "content": "Tools - Hackers Factory \n\nSimple tool for searching and collect information written in Python 3\n\nhttps://github.com/YouVBeenHacked/gideon/tree/09c3e17864a5d6ceead8558f119560c4861d7a6f\n\nlawndoc/Respotter: Respotter is a Responder honeypot! Catch attackers and red teams as soon as they spin up Responder in your environment.\n\nhttps://github.com/lawndoc/Respotter\n\na13xp0p0v/kernel-hardening-checker: A tool for checking the security hardening options of the Linux kernel\n\nhttps://github.com/a13xp0p0v/kernel-hardening-checker\n\nELMERIKH/TelecordC2: Advanced Telegram x Discord C2, great for data Exfitration and Network evasion\n\nhttps://github.com/ELMERIKH/TelecordC2\n\nA chrome/Firefox extension to retrieve and load react javascript chunks all at once for a wide range of javascript techs\n\nhttps://github.com/ElSicarius/chunkloader\n\nToutatis\n\nhttps://github.com/megadose/toutatis - a tool for collecting info about an Instagram user (that include part of phone number and email).\n\nCVE-2024-40725 and CVE-2024-40898\n\nhttps://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898\n\nMass Exploit - CVE-2024-29824 - Ivanti EPM - Remote Code Execution (RCE)\n\nhttps://github.com/codeb0ss/CVE-2024-29824-PoC\n\nFile-Tunnel : Tunnel TCP connections through a file.\n\nhttps://github.com/fiddyschmitt/File-Tunnel\n\nhttps://t.me/CyberDilara\n#CyberDilara", "creation_timestamp": "2024-07-23T04:43:56.000000Z"}, {"uuid": "71afe0ea-1851-410a-bc64-6f9b7e9bc611", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "Telegram/fmnrItX9ni0-os4NhDhn5S2FWV4dH62W8_H3cZbb_PP8-WM", "content": "", "creation_timestamp": "2024-11-11T16:17:23.000000Z"}, {"uuid": "ae596a9f-84d9-425a-bccf-dbb1c555eddb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2817", "content": "https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898\n\n\ud83d\udea8CVE-2024-40725 and CVE-2024-40898\ud83d\udea8\n#github #poc #exploit", "creation_timestamp": "2024-07-20T15:31:46.000000Z"}, {"uuid": "0ad900fd-d539-40aa-8dc6-40a600d67913", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "https://t.me/TheMalware_Team/159058", "content": "#exploit\n1. CVE-2024-34065:\nStrapi Open Redirect\nhttps://blog.quarkslab.com/looking-for-vulnerabilities-in-strapi-cve-2024-34065.html\n\n2. CVE-2024-40725,\nCVE-2024-40898:\nApache HTTP Server SSRF\nhttps://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898", "creation_timestamp": "2024-07-24T22:29:42.000000Z"}, {"uuid": "e3faeca2-2b63-4faa-8f27-dee67f15e5ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-40898", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10863", "content": "#exploit\n1. CVE-2024-34065:\nStrapi Open Redirect\nhttps://blog.quarkslab.com/looking-for-vulnerabilities-in-strapi-cve-2024-34065.html\n\n2. CVE-2024-40725,\nCVE-2024-40898:\nApache HTTP Server SSRF\nhttps://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898", "creation_timestamp": "2024-07-21T19:21:49.000000Z"}]}