Vulnerability details: VCID-fe71-mseb-aaaa
Vulnerability ID VCID-fe71-mseb-aaaa
Aliases CVE-2015-0253
Summary The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (1)
System Score Found at
generic_textual Medium http://httpd.apache.org/security/vulnerabilities_24.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:1666
epss 0.01727 https://api.first.org/data/v1/epss?cve=CVE-2015-0253
epss 0.08163 https://api.first.org/data/v1/epss?cve=CVE-2015-0253
epss 0.08220 https://api.first.org/data/v1/epss?cve=CVE-2015-0253
epss 0.0828 https://api.first.org/data/v1/epss?cve=CVE-2015-0253
epss 0.08597 https://api.first.org/data/v1/epss?cve=CVE-2015-0253
epss 0.11628 https://api.first.org/data/v1/epss?cve=CVE-2015-0253
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1243891
apache_httpd low https://httpd.apache.org/security/json/CVE-2015-0253.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2015-0253
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
generic_textual Low http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Reference id Reference type URL
http://httpd.apache.org/security/vulnerabilities_24.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
http://rhn.redhat.com/errata/RHSA-2015-1666.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0253.json
https://api.first.org/data/v1/epss?cve=CVE-2015-0253
https://bz.apache.org/bugzilla/show_bug.cgi?id=57531
https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb
https://github.com/apache/httpd/commit/be0f5335e3e73eb63253b050fdc23f252f5c8ae3
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://support.apple.com/HT205219
https://support.apple.com/kb/HT205031
http://www.apache.org/dist/httpd/CHANGES_2.4
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/75964
http://www.securitytracker.com/id/1032967
1243891 https://bugzilla.redhat.com/show_bug.cgi?id=1243891
cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x_server:5.0.3:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
CVE-2015-0253 https://httpd.apache.org/security/json/CVE-2015-0253.json
CVE-2015-0253 https://nvd.nist.gov/vuln/detail/CVE-2015-0253
RHSA-2015:1666 https://access.redhat.com/errata/RHSA-2015:1666
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2015-0253
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.88245
EPSS Score 0.01727
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.