CVE-2015-0253

General

Score: 5.0/10.0
Severity: Medium
Category: N/A

Impact Metrics

Confidentiality: None
Integrity: None
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: None

Related vulnerabilities

CVE-2013-5704, CVE-2014-0067, CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2014-8161, CVE-2014-8500, CVE-2015-0228, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244, CVE-2015-1349, CVE-2015-3165, CVE-2015-3166, CVE-2015-3167, CVE-2015-3183, CVE-2015-3185, CVE-2015-5911, CVE-2016-8743

Published on 21/07/15 - Updated on 05/01/18

Description

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability Database CVE-2015-0253
Amazon Linux ALAS-2015-579
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-355, CERTFR-2015-AVI-394
Arch Linux ASA-201507-15
Debian LTS DLA-841-2
Renater 2015/VULN191

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor / Product
apache / http_server
apple / mac_os_x
apple / mac_os_x_server
oracle / linux
oracle / solaris