Bug 1120604 (CVE-2013-4352)

Summary: CVE-2013-4352 httpd: mod_cache NULL pointer dereference crash
Product: [Other] Security Response
Reporter: Murray McAllister <mmcallis>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: aneelica, anmiller, bdunne, cdewolf, dajohnso, dandread, darran.lofthouse, dclarizi, dknox, fnasser, gmccullo, huwang, jason.greene, jawilson, jclere, jdoyle, jfrey, jkaluza, jorton, jprause, jrafanie, jrusnack, jvlcek, kseifried, lgao, mmaslano, myarboro, obarenbo, pahan, pgier, pslavice, rmeggins, rsvoboda, vdanen, vtunka, webstack-team, weli, xlecauch
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: httpd 2.4.7
Doc Type: Bug Fix
Doc Text:
A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.
Last Closed: 2014-11-21 20:24:42 UTC
Bug Depends On: 1120607, 1120608, 1120614, 1121037, 1121038
Bug Blocks: 1120610, 1120623

Description Murray McAllister 2014-07-17 09:18:30 UTC
The following flaw has been fixed in the Apache HTTP Server:

"A NULL pointer dereference was found in mod_cache. A malicious HTTP server could cause a crash in a caching forward proxy configuration."

External References:

http://httpd.apache.org/security/vulnerabilities_24.html

Comment 2 Murray McAllister 2014-07-17 09:41:40 UTC
Created httpd tracking bugs for this issue:

Affects: fedora-all [bug 1120614]

Comment 4 Vincent Danen 2014-07-18 13:19:29 UTC
Statement:

This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as only httpd version 2.4.6 included the vulnerable code.

Comment 5 Tomas Hoger 2014-07-23 07:07:26 UTC
Upstream commit:
http://svn.apache.org/viewvc?view=revision&revision=1523235

Comment 6 errata-xmlrpc 2014-07-23 10:01:06 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
  Red Hat Software Collections 1 for Red Hat Enterprise Linux 7

Via RHSA-2014:0922 https://rhn.redhat.com/errata/RHSA-2014-0922.html

Comment 7 errata-xmlrpc 2014-07-23 10:01:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2014:0921 https://rhn.redhat.com/errata/RHSA-2014-0921.html

Comment 8 Martin Prpič 2014-07-28 11:28:40 UTC
IssueDescription:

A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.
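
An added example, not part of the bug report or of httpd itself: a small Python check that flags an httpd configuration matching the setup the flaw description names, a forward proxy (`ProxyRequests On`) with mod_cache caching (`CacheEnable`). The sample configuration and the function names are constructed for illustration; `Include`d files and per-scope directive precedence are not resolved.

```python
import re

# Constructed sample configuration (not taken from the bug report).
SAMPLE_CONF = """\
# forward proxy for internal clients
LoadModule cache_module modules/mod_cache.so
Listen 3128
<VirtualHost *:3128>
    ProxyRequests On
    # CacheEnable disk /old
    CacheEnable disk \\
        http://
</VirtualHost>
"""

# A directive line is a name followed by arguments; section tags (<...>) do not match.
DIRECTIVE = re.compile(r"^\s*([A-Za-z]+)\s+(.*?)\s*$")

def directives(conf_text):
    """Yield (name, args) pairs, skipping comment lines and joining '\\' continuations."""
    joined = re.sub(r"\\\r?\n", " ", conf_text)
    for line in joined.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            # httpd directive names are case-insensitive
            yield m.group(1).lower(), m.group(2).split()

def audit(conf_text):
    """Report whether the config combines forward proxying with caching."""
    forward_proxy = False
    cache_targets = []
    for name, args in directives(conf_text):
        if name == "proxyrequests" and args and args[0].lower() == "on":
            forward_proxy = True
        elif name == "cacheenable" and args:
            cache_targets.append(" ".join(args))
    return {
        "forward_proxy": forward_proxy,
        "cache_targets": cache_targets,
        "matches_advisory": forward_proxy and bool(cache_targets),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A match only means the configuration is the kind the description covers; whether the installed build carries the fix is answered by the errata listed in the comments above.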