Apache HTTP Server 'ap_pregsub()' Function Local Denial Of Service Vulnerability Network Vulnerability

Summary

Apache HTTP Server is prone to a local denial-of-service vulnerability because of a NULL-pointer dereference error or a memory exhaustion. Local attackers can exploit this issue to trigger a NULL-pointer dereference or memory exhaustion, and cause a server crash, denying service to legitimate users. Note: To trigger this issue, 'mod_setenvif' must be enabled and the attacker should be able to place a malicious '.htaccess' file on the affected webserver. Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21 are vulnerable. Other versions may also be affected.

References

http://httpd.apache.org/
http://www.gossamer-threads.com/lists/apache/dev/403775
http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/

Updated on 2017-03-28

Severity

Classification

CVE CVE-2011-4415

CVSS	Base Score: 1.2 AV:L/AC:H/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Embedded Web Server Detection
Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
Webserver 4D Cleartext Passwords
Apache Tomcat Information Disclosure Vulnerability (Windows)
Appweb Web Server Cross Site Scripting Vulnerability

Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability

Take action and discover your vulnerabilities