The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.
http://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c
https://bugzilla.redhat.com/show_bug.cgi?id=1120604
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
Source: MITRE
Published: 2014-07-20
Updated: 2021-03-30
Type: NVD-CWE-Other
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
124922 | EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1419) | Nessus | Huawei Local Security Checks | high |
98904 | Apache 2.4.6 Remote DoS | Web Application Scanning | Component Vulnerability | medium |
80589 | Oracle Solaris Third-Party Patch Update : apache (multiple_denial_of_service_dos5) | Nessus | Solaris Local Security Checks | medium |
77292 | openSUSE Security Update : apache2 (openSUSE-SU-2014:1044-1) | Nessus | SuSE Local Security Checks | medium |
76914 | Apache 2.4.6 Remote DoS | Nessus | Web Servers | medium |
76905 | RHEL 7 : httpd (RHSA-2014:0921) | Nessus | Red Hat Local Security Checks | medium |
8342 | Apache HTTP Server 2.4.6 'mod_cache' NULL Pointer Dereference | Nessus Network Monitor | Web Servers | medium |
76745 | Oracle Linux 7 : httpd (ELSA-2014-0921) | Nessus | Oracle Linux Local Security Checks | medium |
76716 | CentOS 7 : httpd (CESA-2014:0921) | Nessus | CentOS Local Security Checks | medium |