BSA-2017-497
21327
29 December 2017
11 December 2017
Closed
Medium
5.0
N/A
CVE-2015-0253
Summary Security Advisory ID : BSA-2017-497 Component : Apache HTTPD Revision : 1.0: Final
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.
Products Confirmed Not Vulnerable
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Revision History
Version |
Change |
Date |
---|---|---|
1.0 |
Initial Publication |
Dec 29, 2017 |