CVE-2014-0098
Published: 18 March 2014
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Notes
Author | Note |
---|---|
mdeslaur | lucid has different code and doesn't look vulnerable |
Priority
Status
Package | Release | Status |
---|---|---|
apache2 | upstream | Released (2.4.8) |
 | lucid | Not vulnerable (code not present) |
 | precise | Released (2.2.22-1ubuntu1.5) |
 | quantal | Released (2.2.22-6ubuntu2.4) |
 | saucy | Released (2.4.6-2ubuntu2.2) |

Patches
upstream: http://svn.apache.org/viewvc?view=revision&revision=1575400 (trunk)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1575904 (2.4)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1374538 (2.2 bp)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1576716 (2.2)