Lucene search

K
httpdApache Team FoundationHTTPD:DCCBE61AE21B0AFFBFDFD9733B98D89F
HistoryFeb 03, 2015 - 12:00 a.m.

Apache Httpd < 2.4.16 : Crash in ErrorDocument 400 handling

2015-02-0300:00:00
Apache Team Foundation
httpd.apache.org
18

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.017

Percentile

87.9%

A crash in ErrorDocument handling was found. If ErrorDocument 400 was configured pointing to a local URL-path with the INCLUDES filter active, a NULL dereference would occur when handling the error, causing the child process to crash. This issue affected the 2.4.12 release only.

Affected configurations

Vulners
Node
apacheapache_httpdMatch2.4.12
VendorProductVersionCPE
apacheapache_httpd2.4.12cpe:2.3:a:apache:apache_httpd:2.4.12:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.017

Percentile

87.9%