CVE-2013-4352
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.2435 (24.4%)
Percentil: 96.1%
EPSS: 2026-05-06
Afecta
apache:http_serverDescripción técnica
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.
Publicada: 20/7/2014, 11:12:48
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://httpd.apache.org/security/vulnerabilities_24.html
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c?r1=1491564&r2=1523235&diff_format=h
- https://bugzilla.redhat.com/show_bug.cgi?id=1120604
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E