The following flaw has been fixed in the Apache HTTP Server: "A NULL pointer dereference was found in mod_cache. A malicious HTTP server could cause a crash in a caching forward proxy configuration." External References: http://httpd.apache.org/security/vulnerabilities_24.html
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 1120614]
Statement: This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6 as only httpd version 2.4.6 included the vulnerable code.
Upstream commit: http://svn.apache.org/viewvc?view=revision&revision=1523235
This issue has been addressed in following products: Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 Via RHSA-2014:0922 https://rhn.redhat.com/errata/RHSA-2014-0922.html
This issue has been addressed in following products: Red Hat Enterprise Linux 7 Via RHSA-2014:0921 https://rhn.redhat.com/errata/RHSA-2014-0921.html
IssueDescription: A NULL pointer dereference flaw was found in the mod_cache httpd module. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP Server was used as a forward proxy with caching.