Description
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin NextGEN Gallery-WordPress Gallery PHP Object Injection (3.1.5)
WordPress Plugin wp superb Slideshow Information Disclosure (2.4)
WordPress Plugin Wow Forms-create any form with custom style SQL Injection (3.1.3)
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-5540)
Internet Information Services Other Vulnerability (CVE-2002-0079)