Candidate: CVE-2015-0253
PublicDate: 2015-07-20 23:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0253
 http://www.apache.org/dist/httpd/CHANGES_2.4
 http://httpd.apache.org/security/vulnerabilities_24.html
Description:
 The read_request_line function in server/protocol.c in the Apache HTTP
 Server 2.4.12 does not initialize the protocol structure member, which
 allows remote attackers to cause a denial of service (NULL pointer
 dereference and process crash) by sending a request that lacks a method to
 an installation that enables the INCLUDES filter and has an ErrorDocument
 400 directive specifying a local URI.
Ubuntu-Description:
Notes:
 tyhicks> Only affected 2.4.12
Bugs:
 https://bz.apache.org/bugzilla/show_bug.cgi?id=57531
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_apache2:
 upstream: https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb
upstream_apache2: released (2.4.12-1)
precise_apache2: not-affected
trusty_apache2: not-affected
trusty/esm_apache2: not-affected
utopic_apache2: not-affected
vivid_apache2: not-affected (2.4.10-9ubuntu1)
devel_apache2: not-affected (2.4.12-2ubuntu1)