Computer Security


Apache multiple security vulnerabilities
Published: 28.07.2014
Source:
SecurityVulns ID: 13888
Type: remote
Threat Level: 7/10
Description: mod_status buffer overflow, mod_proxy, mod_deflate, mod_cgid DoS.
Affected: APACHE : Apache 2.4
CVE: CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.)
 CVE-2014-0226 (Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.)
 CVE-2014-0118 (The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.)
 CVE-2014-0117 (The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.)
Original document: UBUNTU, [USN-2299-1] Apache HTTP Server vulnerabilities (28.07.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod