Published: 20/07/2014 Updated: 15/08/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.

Affected Products

Vendor Product Versions
ApacheHttp Server2.4.6

Vendor Advisories

A NULL pointer dereference flaw was found in the mod_cache httpd module A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching ...

Github Repositories

MBSD Cybersecurity Challenges 2017 調査結果報告書 東京電子専門学校 チーム:陸のくまさん メンバー・役割 kumacky * 脆弱性診断 * 報告書作成 peachgyoza * 脆弱性診断 * 報告書作成 Keloud * 脆弱性診断 * 報告書作成 * CVSS評価 目次 [TOC] 調査手法に関する説明 使用したツール・環境 OS Windows 10