CVE-2014-0117
Published: 20 July 2014
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
Notes
Author | Note |
---|---|
mdeslar | PoC: http://seclists.org/fulldisclosure/2014/Jul/117 |
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(2.2.14-5ubuntu8.13)
|
precise |
Not vulnerable
(2.2.22-1ubuntu1.6)
|
|
trusty |
Released
(2.4.7-1ubuntu4.1)
|
|
upstream |
Released
(2.4.10)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1610737 |