Executive Summary

Informations
Name CVE-2013-4352 First vendor Publication 2014-07-20
Vendor Cve Last vendor Modification 2019-08-15

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4352

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Snort® IPS/IDS

Date Description
2015-09-15 Apache HTTP server mod_cache denial of service attempt
RuleID : 35532 - Revision : 3 - Type : SERVER-WEBAPP
2015-09-15 Apache HTTP server mod_cache denial of service attempt
RuleID : 35531 - Revision : 3 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_apache_20141014.nasl - Type : ACT_GATHER_INFO
2014-08-21 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-503.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote web server is affected by a denial of service vulnerability.
File : apache_2_4_7.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0921.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0921.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0921.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
CONFIRM http://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c?...
https://bugzilla.redhat.com/show_bug.cgi?id=1120604
MLIST https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e8029...
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277...
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b957...
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326...

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2020-05-23 00:38:00
  • Multiple Updates
2019-08-15 13:19:32
  • Multiple Updates
2016-07-21 12:03:43
  • Multiple Updates
2015-09-15 21:22:51
  • Multiple Updates
2015-01-21 13:26:21
  • Multiple Updates
2014-08-22 13:26:46
  • Multiple Updates
2014-08-05 00:22:52
  • Multiple Updates
2014-07-31 13:24:45
  • Multiple Updates
2014-07-25 13:21:37
  • Multiple Updates
2014-07-22 05:26:42
  • Multiple Updates
2014-07-20 17:21:38
  • First insertion