CVE-2014-3581

Published: 10 October 2014

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

Priority

Low

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian
Upstream
Released (2.4.10-3)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.4.7-1ubuntu4.4)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1624234
Upstream: https://github.com/apache/httpd/commit/c164ca7383d5f204915d85a5826655d3f1557148 (2.4.x)