
Fixed in Apache HTTP Server 2.4.52

moderate: Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery).

Consult the Apache httpd 2.2 vulnerabilities list for more information. The initial GA release, Apache httpd 2.4.1, includes fixes for all vulnerabilities which have been resolved in Apache httpd 2.2.22 and all older releases.
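A configuration check for the forward-proxy advisory above, as an added example that is not part of the Apache page or the httpd project. The function name `audit`, the finding labels and the sample configuration are constructed for illustration, and the `unix:` match assumes Unix Domain Socket backends are declared through `ProxyPass`/`ProxyPassMatch` targets.

```python
import re

FIXED_IN = (2, 4, 52)  # from the advisory: 2.4.51 and earlier are affected

def audit(config_text, version):
    """Return exposure labels for the forward-proxy flaw (heuristic check)."""
    ver = tuple(int(p) for p in version.split("."))
    if ver[:2] != (2, 4):
        raise ValueError("this check only covers the 2.4 branch")
    if ver >= FIXED_IN:
        return []
    forward_proxy = False
    uds_targets = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # httpd comments are whole lines starting with '#'
        if re.match(r"ProxyRequests\s+on\b", line, re.I):
            forward_proxy = True
        # Assumption: UDS backends are declared as "unix:/path|scheme://..."
        elif re.match(r"ProxyPass(Match)?\s", line, re.I) and "unix:" in line.lower():
            uds_targets.append(lineno)
    if not forward_proxy:
        return []  # the advisory only concerns forward proxy configurations
    findings = ["null-deref"]  # crash exposure for any forward proxy
    if uds_targets:
        findings.append("ssrf-uds")  # mixed forward/reverse with a UDS endpoint
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """
ProxyRequests On
<VirtualHost *:8080>
    ProxyPass "/app" "unix:/run/app.sock|http://localhost/"
    ProxyPassReverse "/app" "http://localhost/"
</VirtualHost>
"""

if __name__ == "__main__":
    print(audit(SAMPLE, "2.4.51"))
```

The check is a heuristic over directive text: it does not resolve `Include` files or per-virtual-host overrides, so a clean result on one file does not clear the whole configuration.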

Please send comments or corrections for these vulnerabilities to the Security Team. Please note that if a vulnerability is shown below as being fixed in a "-dev" release then this means that a fix has been applied to the development source tree and will be part of an upcoming full release. We also list the versions the flaw is known to affect, and where a flaw has not been verified list the version with a question mark. Each vulnerability is given a security impact rating by the Apache security team - please note that this rating may well vary from platform to platform.

This page lists all security vulnerabilities fixed in released versions of Apache HTTP Server 2.4.
