Kawahara Masashi

#41035 of 53,633
6.5 Total CVSS
Vulnerabilities · 1
PT-2017-3746
6.5
2017-10-19
Apache · Httpd · CVE-2017-12171
Name of the Vulnerable Software and Affected Versions: httpd version 2.2.15-60

Description: A regression was found in httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. This issue is related to the use of memory after it has been freed when processing comments in the Allow and Deny lines of the Limit directive in the .htaccess configuration file. Exploitation of this issue may allow a remote attacker to cause a crash of the httpd child process or gain access to restricted HTTP resources.

Recommendations: For httpd version 2.2.15-60, consider updating to a newer version that includes a fix for this issue, as the current version may allow unintended access to restricted HTTP resources due to incorrect parsing of comments in configuration lines.