CVE-2014-3583

Published: 15 December 2014

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

Notes

Author: mdeslaur
Note: introduced by http://svn.apache.org/viewvc?view=revision&revision=1594537
Note: only affects 2.4.10

Priority

Low

Status

Package: apache2 (Launchpad, Ubuntu, Debian)

Release    Status
upstream   Released (2.4.11)
lucid      Not vulnerable (code not present)
precise    Not vulnerable (code not present)
trusty     Not vulnerable (2.4.7-1ubuntu4.1)
utopic     Released (2.4.10-1ubuntu1.1)

Patches:
upstream: http://svn.apache.org/viewvc?view=revision&revision=1638818
upstream: https://github.com/apache/httpd/commit/55ad7eb6a83b25282727e3b8baad43db15dbc29b (2.4.x)