CVE-2013-4352
EPSS 24.4%
Description
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.
How to fix CVE-2013-4352
To remediate CVE-2013-4352, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.4.7-1 or later
Is CVE-2013-4352 being exploited?
Moderate — EPSS is 24.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.4.7-1