5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.008 Low
EPSS
Percentile
80.0%
Apache HTTP Server NULL Pointer Dereference Vulnerability
>Apache HTTP Server 2.4.10 and earlier is prone to a vulnerability, which can be exploited to cause a DoS (Denial of Service). The vulnerability exists because the application contains flaw in the cache_merge_headers_out() function which is triggered when handling an empty ‘Content-Type’ header value.
>mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory.
Apache Server Banner.
{F94511}
Good Reads:
Solution: Update to the latest Apache stable version(2.4.20)