Описание
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apache2 | fixed | 2.4.60-1 | package |
Примечания
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38477
Fixed by https://github.com/apache/httpd/commit/1d98d4db186e708f059336fb9342d0adb6925e85 (2.4.60)
(or https://svn.apache.org/viewvc?view=revision&revision=1918607)
Regression identified by Ubuntu https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/2072648
Regression fixed by: https://github.com/apache/httpd/commit/4d3a308014be26e5407113b4c827a1ea2882bf38 (2.4.60)
EPSS
Связанные уязвимости
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Уязвимость модуля mod_proxy веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании
EPSS