Description
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2017-10120 Vulnerability (CVE-2017-10120)
Oracle JRE CVE-2018-2797 Vulnerability (CVE-2018-2797)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-11112)
Nexus Repository Manager Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-27907)
phpList Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-3188)