Computer Security
[EN] securityvulns.ru no-pyccku


Apache security vulnerabilities
Published:24.03.2014
Source:
SecurityVulns ID:13623
Type:remote
Threat Level:
6/10
Description:mod_log_config DoS, mod_dav buffer overflow.
Affected:APACHE : Apache 2.2
 APACHE : Apache 2.4
CVE:CVE-2014-0098 (The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.)
 CVE-2013-6438 (The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.)
Original documentdocumentMANDRIVA, [ MDVSA-2014:065 ] apache (24.03.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod