Lucene search

K
cveRedhatCVE-2015-0253
HistoryJul 20, 2015 - 11:59 p.m.

CVE-2015-0253

2015-07-2023:59:00
redhat
web.nvd.nist.gov
90
cve-2015-0253
apache http server
protocol.c
remote attackers
denial of service
null pointer dereference
process crash
includes filter
errordocument 400 directive
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.9

Confidence

High

EPSS

0.017

Percentile

87.9%

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.

Affected configurations

Nvd
Node
apachehttp_serverMatch2.4.12
Node
applemac_os_xMatch10.10.4
OR
applemac_os_x_serverMatch5.0.3
Node
oraclelinuxMatch7
OR
oraclesolarisMatch11.3
VendorProductVersionCPE
apachehttp_server2.4.12cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
applemac_os_x10.10.4cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*
applemac_os_x_server5.0.3cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:*
oraclelinux7cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
oraclesolaris11.3cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

References

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.9

Confidence

High

EPSS

0.017

Percentile

87.9%