header-logo
Suggest Exploit
vendor:
Apache HTTP Server
by:
SecurityFocus
7.5
CVSS
HIGH
NULL Pointer Dereference
476
CWE
Product Name: Apache HTTP Server
Affected Version From: Apache 1.3.20
Affected Version To: Apache 1.3.26
Patch Exists: YES
Related CWE: CVE-2002-0392
CPE: o:apache:apache_http_server
Metasploit: https://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2002-0392/https://www.rapid7.com/db/vulnerabilities/http-apache2-chunked-transfer-int-bof/https://www.rapid7.com/db/vulnerabilities/apache-httpd-1_3_x-apache-chunked-encoding-vulnerability-cve-2002-0392/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows, Mac
2002

A vulnerability has been reported for the mod_access_referer Apache module

The mod_access_referer Apache module is vulnerable to a NULL pointer dereference when parsing invalid HTTP referer header fields. If an attacker sends a request with a referer header field that is missing the 'http' protocol, the module will attempt to parse the string as a valid URL, resulting in a NULL pointer dereference. This can cause Apache to segfault, resulting in a denial of service.

Mitigation:

Upgrade to the latest version of Apache, or apply the patch referenced in the SecurityFocus BID.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7375/info

A vulnerability has been reported for the mod_access_referer Apache module. The problem occurs when parsing invalid HTTP referer header fields. If this vulnerability were to be triggered, it may be possible to trigger a NULL pointer dereference, effectively causing Apache to segfault.

Referer: ://its-missing-http.com

Navigation

Suggest Exploit

Services By CQR