Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
Apache HTTP Server is prone to a local denial-of-service vulnerability because of a NULL-pointer dereference error or a memory exhaustion.
Local attackers can exploit this issue to trigger a NULL-pointer dereference or memory exhaustion, and cause a server crash, denying service to legitimate users.
Note: To trigger this issue, 'mod_setenvif' must be enabled and the attacker should be able to place a malicious '.htaccess' file on the affected webserver.
Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21 are vulnerable. Other versions may also be affected.