Description

The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.

Remediation

References

CVE-2013-4352

Related Vulnerabilities

Atlassian Jira Improper Privilege Management Vulnerability (CVE-2018-13400)

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3499)

Apache Tomcat Improper Authentication Vulnerability (CVE-2012-5887)

WordPress Plugin Two Way CHAT-Send or receive messages to your user Multiple Vulnerabilities (3.1.4)

PHP Use After Free Vulnerability (CVE-2019-9020)

Severity

Medium

Classification

CVE-2013-4352

Tags

Missing Update Known Vulnerabilities