| VID |
22189 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The version of the Apache module mod_access_referer is vulnerable to a denial of service attack.
Apache module mod_access_referer is a module for the Apache HTTP Server that provides access control based on "Referer" HTTP header content. This module contains a NULL pointer dereference vulnerability. An example referer header field to trigger the issue:
Referer: ://its-missing-http.com
Abuse of this NULL pointer dereference vulnerability can possibly be used in denial of service attacks against affected systems.
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.securiteam.com/unixfocus/5ZP0O009PM.html
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0025.html
* Platforms Affected:
mod_access_referer version 1.0.2 |
| Recommendation |
A simple patch is available here:
http://sourceforge.net/projects/accessreferer/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
