A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 2.4.7 (including) | 2.4.52 (excluding) |
| JBoss Core Services for RHEL 8 | RedHat | jbcs-httpd24-httpd-0:2.4.51-28.el8jbcs | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-httpd-0:2.4.51-28.el7jbcs | * |
| Red Hat Enterprise Linux 8 | RedHat | httpd:2.4-8060020220321163517.d63f516d | * |
| Red Hat JBoss Core Services 1 | RedHat | jbcs-httpd24-httpd | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-httpd-0:2.4.34-23.el7.5 | * |
| Apache2 | Ubuntu | bionic | * |
| Apache2 | Ubuntu | devel | * |
| Apache2 | Ubuntu | esm-infra/xenial | * |
| Apache2 | Ubuntu | focal | * |
| Apache2 | Ubuntu | hirsute | * |
| Apache2 | Ubuntu | impish | * |
| Apache2 | Ubuntu | jammy | * |
| Apache2 | Ubuntu | trusty/esm | * |
| Apache2 | Ubuntu | upstream | * |