FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_access_referer -- null pointer dereference vulnerability

Affected packages
mod_access_referer < 1.0.2_1

Details

VuXML ID af747389-42ba-11d9-bd37-00065be4b5b6
Discovery 2003-04-16
Entry 2004-12-11
Modified 2005-01-19

A malformed Referer header field causes the Apache ap_parse_uri_components function to discard it with the result that a pointer is not initialized. The mod_access_referer module does not take this into account with the result that it may use such a pointer.

The null pointer vulnerability may possibly be used in a remote denial of service attack against affected Apache servers.

References

Bugtraq ID 7375
CVE Name CVE-2003-1054
Message http://marc.theaimsgroup.com/?l=full-disclosure&m=105053485515811
URL http://secunia.com/advisories/8612/