Apache HTTP Server 'ap_pregsub()' Function Local Denial Of Service Vulnerability Network Vulnerability

Summary

Apache HTTP Server is prone to a local denial-of-service vulnerability because of a NULL-pointer dereference error or a memory exhaustion. Local attackers can exploit this issue to trigger a NULL-pointer dereference or memory exhaustion, and cause a server crash, denying service to legitimate users. Note: To trigger this issue, 'mod_setenvif' must be enabled and the attacker should be able to place a malicious '.htaccess' file on the affected webserver. Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21 are vulnerable. Other versions may also be affected.

References

http://httpd.apache.org/
http://www.gossamer-threads.com/lists/apache/dev/403775
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-4415
CVSS Base Score: 1.2
AV:L/AC:H/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Tomcat Information Disclosure Vulnerability (Windows)
Embedded Web Server Detection
Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
Mini Web Server Cross Site Scripting and Directory Traversal Vulnerabilities
Several GET locks web server

Take action and discover your vulnerabilities