#VU10953 Improper input validation


Published: 2018-03-12 | Updated: 2018-03-13

Vulnerability identifier: #VU10953

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-8612

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Apache HTTP Server
Server applications / Web servers

Vendor: Apache Foundation

Description

The vulnerability allows an adjacent unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the mod_cluster module due to improper input validation by the protocol parsing logic in the mod_cluster module. An adjacent attacker can send a specially crafted request, trigger a segmentation fault in the serving httpdprocess and cause the service to crash.

Mitigation
Update to version 2.4.23.

Vulnerable software versions

Apache HTTP Server: 2.4.0.0 - 2.4.22


CPE

External links
http://access.redhat.com/errata/RHSA-2016:2957


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability