CVE-2013-4352
Published: 20 July 2014
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.
Notes
Author | Note |
---|---|
mdeslaur | from commit: "This issue affected httpd versions 2.4.5 and 2.4.6 only." |
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(2.2.14-5ubuntu8.13)
|
precise |
Not vulnerable
(2.2.22-1ubuntu1.6)
|
|
trusty |
Not vulnerable
(2.4.7-1ubuntu4)
|
|
upstream |
Released
(2.4.7)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1524167 upstream: http://svn.apache.org/viewvc?view=revision&revision=1610495 |