4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.041 Low
EPSS
Percentile
92.1%
The cache_invalidate function in modules/cache/cache_storage.c in the
mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward
proxy is enabled, allows remote HTTP servers to cause a denial of service
(NULL pointer dereference and daemon crash) via vectors that trigger a
missing hostname value.
Author | Note |
---|---|
mdeslaur | from commit: “This issue affected httpd versions 2.4.5 and 2.4.6 only.” |