ID CVE-2013-4352
Summary The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 15-08-2019 - 09:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • httpd-0:2.4.6-18.el7_0
  • httpd-debuginfo-0:2.4.6-18.el7_0
  • httpd-devel-0:2.4.6-18.el7_0
  • httpd-manual-0:2.4.6-18.el7_0
  • httpd-tools-0:2.4.6-18.el7_0
  • mod_ldap-0:2.4.6-18.el7_0
  • mod_proxy_html-1:2.4.6-18.el7_0
  • mod_session-0:2.4.6-18.el7_0
  • mod_ssl-1:2.4.6-18.el7_0
  • httpd24-httpd-0:2.4.6-18.el6
  • httpd24-httpd-0:2.4.6-21.el7
  • httpd24-httpd-debuginfo-0:2.4.6-18.el6
  • httpd24-httpd-debuginfo-0:2.4.6-21.el7
  • httpd24-httpd-devel-0:2.4.6-18.el6
  • httpd24-httpd-devel-0:2.4.6-21.el7
  • httpd24-httpd-manual-0:2.4.6-18.el6
  • httpd24-httpd-manual-0:2.4.6-21.el7
  • httpd24-httpd-tools-0:2.4.6-18.el6
  • httpd24-httpd-tools-0:2.4.6-21.el7
  • httpd24-mod_ldap-0:2.4.6-18.el6
  • httpd24-mod_ldap-0:2.4.6-21.el7
  • httpd24-mod_proxy_html-1:2.4.6-18.el6
  • httpd24-mod_proxy_html-1:2.4.6-21.el7
  • httpd24-mod_session-0:2.4.6-18.el6
  • httpd24-mod_session-0:2.4.6-21.el7
  • httpd24-mod_ssl-1:2.4.6-18.el6
  • httpd24-mod_ssl-1:2.4.6-21.el7
refmap via4
confirm
mlist
  • [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
  • [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Last major update 15-08-2019 - 09:15
Published 20-07-2014 - 11:12
Last modified 15-08-2019 - 09:15
Back to Top