Описание
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:apache:http_server:1.3.12:*:win32:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.14:*:win32:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.15:*:win32:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.16:*:win32:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.17:*:win32:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.18:*:win32:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.19:*:win32:*:*:*:*:*
EPSS
Процентиль: 93%
0.10153
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
EPSS
Процентиль: 93%
0.10153
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other