CVE-2014-3583

Published: 15/12/2014 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

apple mac os x 10.10.0

apple mac os x 10.10.4

apple mac os x 10.10.1

apple mac os x 10.9.5

apple mac os x 10.10.3

apple mac os x 10.10.2

apple os x server 5.0.3

apache http server 2.4.10

canonical ubuntu linux 12.04

canonical ubuntu linux 14.10

canonical ubuntu linux 14.04

canonical ubuntu linux 10.04

Vendor Advisories

Several security issues were fixed in the Apache HTTP Server ...
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging mu ...
A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash ...

References

CWE-119

http://httpd.apache.org/security/vulnerabilities_24.html
https://bugzilla.redhat.com/show_bug.cgi?id=1163555
http://svn.apache.org/viewvc?view=revision&revision=1638818
http://www.securityfocus.com/bid/71657
http://www.ubuntu.com/usn/USN-2523-1
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
https://support.apple.com/HT205219
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://rhn.redhat.com/errata/RHSA-2015-1855.html
https://security.gentoo.org/glsa/201701-36
https://access.redhat.com/errata/RHSA-2015:1858
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://usn.ubuntu.com/2523-1/
https://nvd.nist.gov
https://access.redhat.com/security/cve/cve-2014-3583