Request a Demo

Apache – CVE-2015-0253

Description

Kayran has detected that the Version of Apache HTTP Server being used has a ‘Crash in ErrorDocument 400 handling’ vulnerability.
CVE-2015-0253 is categorized as an ‘NULL Pointer Dereference’ vulnerability (CWE-476).
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is actually NULL.
That, will probably cause a crash or an exit.

NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.

The read_request_line function in server/protocol.c in the version of Apache being used does not initialize the protocol structure member.
That could be abused by attackers to cause Denial of Service (DoS) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.

There’s a chance that it will cause a decrease in performance and also for interruptions in the availability of resources.

Recommendation

To fix CVE-2015-0253, upgrade the version of Apache HTTP Server being used to 2.4.16 or higher.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-0253

https://cwe.mitre.org/data/definitions/476.html

< Return to all Vulnerabilities

Request a Demo

HAR Files

In this article, I’ll talk and explain about HAR Files, so if you don’t know what they are, or, what do we use them for,

Read More »

Browser Exploitation

We know that it’s possible to exploit weaknesses (or vulnerabilities) that exist in anything, from a certain code to the entire application, let’s talk about

Read More »
Facebook Linkedin

WEB APPLICATION VULNERABILITY SCANNER

Links

registered user?

Log in
Facebook Linkedin