Описание
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.4.10-8ubuntu2 |
| esm-infra-legacy/trusty | released | 2.4.7-1ubuntu4.4 |
| lucid | not-affected | 2.2.14-5ubuntu8.14 |
| precise | not-affected | 2.2.22-1ubuntu1.7 |
| trusty | released | 2.4.7-1ubuntu4.4 |
| trusty/esm | released | 2.4.7-1ubuntu4.4 |
| upstream | released | 2.4.10-3 |
| utopic | released | 2.4.10-1ubuntu1.1 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
The cache_merge_headers_out function in modules/cache/cache_util.c in ...
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
ELSA-2015-0325: httpd security, bug fix, and enhancement update (LOW)
EPSS
5 Medium
CVSS2