VDB
CVE-2013-4352
CVE-2013-4352
REJECTED
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.
EPSS 24.35% · 96.2th percentile
Risk Scores
EPSS Score
24.35%
96.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | apache2 | 0, 2.4.6-2ubuntu2, 2.4.6-2ubuntu3 |
Exploit Intelligence
- http://httpd.apache.org/security/vulnerabilities_24.html (circl)
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c (circl)
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/cache_storage.c?r1=1491564&r2=1523235&diff_format=h (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=1120604 (circl)
- [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (circl)
- [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (circl)
- [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (circl)
- [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (circl)
- [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ (circl)
- [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (circl)
…and 6 more exploits
Timeline
- Jul 20, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Jun 27, 2023 EPSS Score
- Aug 14, 2023 EPSS Score
- Apr 12, 2025 CVE Updated
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
- Jul 1, 2025 EPSS Score
- Jul 4, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-4352 third-party-advisory
- http://httpd.apache.org/security/vulnerabilities_24.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-4352 third-party-advisory