1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
Candidate: CVE-2013-4352
PublicDate: 2014-07-20
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4352
http://httpd.apache.org/security/vulnerabilities_24.html
Description:
The cache_invalidate function in modules/cache/cache_storage.c in the
mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward
proxy is enabled, allows remote HTTP servers to cause a denial of service
(NULL pointer dereference and daemon crash) via vectors that trigger a
missing hostname value.
Ubuntu-Description:
Notes:
mdeslaur> from commit: "This issue affected httpd versions 2.4.5
mdeslaur> and 2.4.6 only."
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
Patches_apache2:
upstream: http://svn.apache.org/viewvc?view=revision&revision=1524167 (2.4.x)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1610495 (changelog)
upstream_apache2: released (2.4.7)
lucid_apache2: not-affected (2.2.14-5ubuntu8.13)
precise_apache2: not-affected (2.2.22-1ubuntu1.6)
trusty_apache2: not-affected (2.4.7-1ubuntu4)
devel_apache2: not-affected (2.4.9-1ubuntu2)
|