Candidate: CVE-2015-0253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253
http://www.apache.org/dist/httpd/CHANGES_2.4
http://httpd.apache.org/security/vulnerabilities_24.html
The read_request_line function in server/protocol.c in the Apache HTTP
Server 2.4.12 does not initialize the protocol structure member, which
allows remote attackers to cause a denial of service (NULL pointer
dereference and process crash) by sending a request that lacks a method to
an installation that enables the INCLUDES filter and has an ErrorDocument
400 directive specifying a local URI.
tyhicks> Only affected 2.4.12
https://bz.apache.org/bugzilla/show_bug.cgi?id=57531
upstream: https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb
upstream_apache2: released (2.4.12-1)
precise_apache2: not-affected
trusty_apache2: not-affected
utopic_apache2: not-affected
vivid_apache2: not-affected (2.4.10-9ubuntu1)
devel_apache2: not-affected (2.4.12-2ubuntu1)