FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_access_referer -- null pointer dereference vulnerability

Affected packages
mod_access_referer < 1.0.2_1


VuXML ID af747389-42ba-11d9-bd37-00065be4b5b6
Discovery 2003-04-16
Entry 2004-12-11
Modified 2005-01-19

A malformed Referer header field causes the Apache ap_parse_uri_components function to discard it with the result that a pointer is not initialized. The mod_access_referer module does not take this into account with the result that it may use such a pointer.

The null pointer vulnerability may possibly be used in a remote denial of service attack against affected Apache servers.


Bugtraq ID 7375
CVE Name CVE-2003-1054