CVE-2014-3583
Published: 15 December 2014
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
Notes
Author | Note |
---|---|
mdeslaur | introduced by http://svn.apache.org/viewvc?view=revision&revision=1594537 only affects 2.4.10 |
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
upstream |
Released
(2.4.11)
|
lucid |
Not vulnerable
(code not present)
|
|
precise |
Not vulnerable
(code not present)
|
|
trusty |
Not vulnerable
(2.4.7-1ubuntu4.1)
|
|
utopic |
Released
(2.4.10-1ubuntu1.1)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1638818 upstream: https://github.com/apache/httpd/commit/55ad7eb6a83b25282727e3b8baad43db15dbc29b (2.4.x) |