The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
06 Jun 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jun 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2015-07-20 23:59
Updated : 2024-02-04 18:53
NVD link : CVE-2015-0253
Mitre link : CVE-2015-0253
CVE.ORG link : CVE-2015-0253
JSON object : View
Products Affected
oracle
- linux
- solaris
apple
- mac_os_x_server
- mac_os_x
apache
- http_server
CWE