CVE-2015-0253

CVE Database · CVE-2015-0253

CVE-2015-0253

· N/AModified

CVSS v3.1

N/A

EPSS

14.73%

Published

Jul 20, 2015

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.

Affected Products (5)

apache · http_servervulnerable

apple · mac_os_xvulnerable

apple · mac_os_x_servervulnerable

oracle · linuxvulnerable

oracle · solarisvulnerable

References (20)

http://httpd.apache.org/security/vulnerabilities_24.html

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Mailing List

http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html