Description

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.

Remediation

References

CVE-2015-0253

Related Vulnerabilities

WordPress Plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Security Bypass (7.6.4)

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking SQL Injection (1.6.7)

WebLogic CVE-2019-2856 Vulnerability (CVE-2019-2856)

Undertow Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7816)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-2922)

Severity

Medium

Classification

CVE-2015-0253

Tags

Missing Update Known Vulnerabilities