Apache HTTP Server 2.4.5/2.4.6 mod_cache null pointer dereference
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.6 | $0-$5k | 0.00 |
Summary
A vulnerability described as problematic has been identified in Apache HTTP Server 2.4.5/2.4.6. The impacted element is an unknown function of the component mod_cache. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2013-4352. There is no exploit available. Upgrading the affected component is recommended.
Details
A vulnerability was found in Apache HTTP Server 2.4.5/2.4.6 (Web Server). It has been rated as problematic. Affected by this issue is an unknown code block of the component mod_cache. The manipulation with an unknown input leads to a null pointer dereference vulnerability. Using CWE to declare the problem leads to CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Impacted is availability.
The weakness was shared 07/14/2014 as Fixed in Apache httpd 2.4.7 as confirmed advisory (Website). The advisory is shared for download at httpd.apache.org. This vulnerability is handled as CVE-2013-4352 since 06/12/2013. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The advisory points out:
A NULL pointer dereference was found in mod_cache. A malicious HTTP server could cause a crash in a caching forward proxy configuration. (Note that this vulnerability was fixed in the 2.4.7 release, but the security impact was not disclosed at the time of the release.)
The vulnerability was handled as a non-public zero-day exploit for at least 73 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 76745 (Oracle Linux 7 : httpd (ELSA-2014-0921)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Oracle Linux Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 157130 (Oracle Enterprise Linux Security Update for httpd24-httpd (ELSA-2014-1972)).
Upgrading to version 2.4.7 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 16692.
The vulnerability is also documented in the databases at X-Force (94677), Tenable (76745), SecurityFocus (BID 68863†), OSVDB (109233†) and Vulnerability Center (SBV-45508†). The entries VDB-6090, VDB-6092, VDB-9602 and VDB-67180 are related to this item. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.apache.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 4.6
VulDB Base Score: 5.3
VulDB Temp Score: 4.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 76745
Nessus Name: Oracle Linux 7 : httpd (ELSA-2014-0921)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 803021
OpenVAS Name: Apache HTTP Server Mod_Cache Denial of service Vulnerability May15
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Upgrade: HTTP Server 2.4.7
TippingPoint: 🔍
ISS Proventia IPS: 🔍
Fortigate IPS: 🔍
Timeline
06/12/2013 🔍09/14/2013 🔍
09/14/2013 🔍
11/26/2013 🔍
07/14/2014 🔍
07/14/2014 🔍
07/18/2014 🔍
07/20/2014 🔍
07/20/2014 🔍
07/24/2014 🔍
02/09/2022 🔍
Sources
Vendor: apache.orgAdvisory: Fixed in Apache httpd 2.4.7
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2013-4352 (🔍)
GCVE (CVE): GCVE-0-2013-4352
GCVE (VulDB): GCVE-100-67184
OVAL: 🔍
X-Force: 94677 - Apache HTTP Server mod_cache denial of service, Medium Risk
SecurityFocus: 68863 - Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
OSVDB: 109233
Vulnerability Center: 45508 - Apache HTTP Server 2.4.6 Remote DoS in mod_cache, Medium
See also: 🔍
Entry
Created: 07/18/2014 11:16Updated: 02/09/2022 15:58
Changes: 07/18/2014 11:16 (80), 06/02/2017 07:58 (8), 02/09/2022 15:52 (3), 02/09/2022 15:58 (1)
Complete: 🔍
Cache ID: 216:CD8:103
No comments yet. Languages: en.
Please log in to comment.