CVE-2014-3583

Published: 15 December 2014

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

Notes

Author: mdeslaur
Note:
introduced by http://svn.apache.org/viewvc?view=revision&revision=1594537
only affects 2.4.10

Priority

Low

Status

Package: apache2 (Launchpad, Ubuntu, Debian)

Release   Status
lucid     Not vulnerable (code not present)
precise   Not vulnerable (code not present)
trusty    Not vulnerable (2.4.7-1ubuntu4.1)
upstream  Released (2.4.11)
utopic    Released (2.4.10-1ubuntu1.1)

Patches:
upstream: http://svn.apache.org/viewvc?view=revision&revision=1638818
upstream: https://github.com/apache/httpd/commit/55ad7eb6a83b25282727e3b8baad43db15dbc29b (2.4.x)