Description
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
Remediation
References
Related Vulnerabilities
WordPress Plugin TheCartPress eCommerce Shopping Cart Order Information Security Bypass (1.1.9.2)
WordPress Plugin Search Exclude Security Bypass (1.2.2)
Citrix NetScaler Information Disclosure 'Citrix Bleed' (CVE-2023-4966)
Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)