{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2015-0253", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "http://httpd.apache.org/security/vulnerabilities_24.html", "refsource" : "CONFIRM", "url" : "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "name" : "http://www.apache.org/dist/httpd/CHANGES_2.4", "refsource" : "CONFIRM", "url" : "http://www.apache.org/dist/httpd/CHANGES_2.4" }, { "name" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531", "refsource" : "CONFIRM", "url" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531" }, { "name" : "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb", "refsource" : "CONFIRM", "url" : "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb" }, { "name" : "https://support.apple.com/kb/HT205031", "refsource" : "CONFIRM", "url" : "https://support.apple.com/kb/HT205031" }, { "name" : "https://support.apple.com/HT205219", "refsource" : "CONFIRM", "url" : "https://support.apple.com/HT205219" }, { "name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" }, { "name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource" : "CONFIRM", "url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html" }, { "name" : "APPLE-SA-2015-08-13-2", "refsource" : "APPLE", "url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "name" : "APPLE-SA-2015-09-16-4", "refsource" : "APPLE", "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html" }, { "name" : "RHSA-2015:1666", "refsource" : "REDHAT", "url" : "http://rhn.redhat.com/errata/RHSA-2015-1666.html" }, { "name" : "75964", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/75964" }, { "name" : "1032967", "refsource" : "SECTRACK", "url" : "http://www.securitytracker.com/id/1032967" } ] } }