5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.038 Low
EPSS
Percentile
91.9%
A malformed Referer header field causes the Apache
ap_parse_uri_components function to discard it with the
result that a pointer is not initialized. The
mod_access_referer module does not take this into account
with the result that it may use such a pointer.
The null pointer vulnerability may possibly be used in a
remote denial of service attack against affected Apache
servers.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | mod_access_referer | < 1.0.2_1 | UNKNOWN |