Vigil@nce - Apache httpd: NULL pointer dereference via mod_cache
October 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can force a NULL pointer to be dereferenced in
mod_cache of Apache httpd, in order to trigger a denial of service.
– Impacted products: Apache httpd
– Severity: 2/4
– Creation date: 13/10/2014
DESCRIPTION OF THE VULNERABILITY
The mod_cache module can be installed on Apache httpd to keep
documents in a cache.
The Content-Type header indicates the type of the requested
document.
However, when the Content-Type is empty, the
modules/cache/cache_util.c file does not check if a pointer is
NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced
in mod_cache of Apache httpd, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-httpd-NULL-pointer-dereference-via-mod-cache-15463