CVE-2016-2161
EUVD-2016-325327.07.2017, 21:29
In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | http_server | 2.4.0 |
| apache | http_server | 2.4.1 |
| apache | http_server | 2.4.2 |
| apache | http_server | 2.4.3 |
| apache | http_server | 2.4.6 |
| apache | http_server | 2.4.7 |
| apache | http_server | 2.4.8 |
| apache | http_server | 2.4.9 |
| apache | http_server | 2.4.10 |
| apache | http_server | 2.4.12 |
| apache | http_server | 2.4.14 |
| apache | http_server | 2.4.16 |
| apache | http_server | 2.4.19 |
| apache | http_server | 2.4.20 |
| apache | http_server | 2.4.21 |
| apache | http_server | 2.4.22 |
| apache | http_server | 2.4.23 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-823 - Use of Out-of-range Pointer OffsetThe program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References