Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2014-0098

Published: 18/03/2014 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 450
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Apache

Vulnerability Summary

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server prior to 2.4.8 allows remote malicious users to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

oracle secure global desktop 4.71

oracle http server 12.1.3.0

oracle secure global desktop 4.63

oracle http server 12.1.2.0

oracle http server 11.1.1.7.0

oracle http server 10.1.3.5.0

oracle secure global desktop 5.0

oracle secure global desktop 5.1

canonical ubuntu linux 13.10

canonical ubuntu linux 12.10

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

Vendor Advisories

Ubuntu Security Notice: apache2 vulnerabilities
Apache HTTP server could be made to crash if it received specially crafted network traffic ...
Amazon Linux AMI: ALAS-2014-331
It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possib ...
Amazon Linux AMI: ALAS-2014-309
The log_cookie function in mod_log_configc in the mod_log_config module in the Apache HTTP Server before 248 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation ...
Tenable Security Advisories: [R6] SecurityCenter Affected by Multiple Third-party Library Vulnerabilities
Tenable's SecurityCenter is affected by several vulnerabilities due to the use of third-party libraries, specifically Apache HTTP Server and PHP CVE-2014-3515 - PHP unserialize() Call SPL ArrayObject / SPLObjectStorage Type Confusion Remote Code Execution PHP contains an type confusion flaw that is triggered when performing an unserialize() call ...

References

NVD-CWE-noinfohttp://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&r2=1575400&diff_format=hhttp://www.apache.org/dist/httpd/CHANGES_2.4.9http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.chttp://www.ubuntu.com/usn/USN-2152-1http://secunia.com/advisories/58915http://www-01.ibm.com/support/docview.wss?uid=swg21668973http://www.securityfocus.com/bid/66303http://secunia.com/advisories/59345http://secunia.com/advisories/59315https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlhttp://secunia.com/advisories/58230http://secunia.com/advisories/60536http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlhttps://support.apple.com/kb/HT6535http://marc.info/?l=bugtraq&m=141390017113542&w=2http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlhttp://seclists.org/fulldisclosure/2014/Dec/23http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://advisories.mageia.org/MGASA-2014-0135.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttps://support.apple.com/HT204659http://www-01.ibm.com/support/docview.wss?uid=swg21676091http://www-01.ibm.com/support/docview.wss?uid=swg21676092http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698http://marc.info/?l=bugtraq&m=141017844705317&w=2https://httpd.apache.org/security/vulnerabilities_24.htmlhttp://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGEShttp://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.htmlhttp://security.gentoo.org/glsa/glsa-201408-12.xmlhttp://secunia.com/advisories/59219https://puppet.com/security/cve/cve-2014-0098http://www.securityfocus.com/archive/1/534161/100/0/threadedhttps://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Ehttps://usn.ubuntu.com/2152-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook