PublicDateAtUSN: 2014-12-15
Candidate: CVE-2014-3583
PublicDate: 2014-12-15 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583
 https://ubuntu.com/security/notices/USN-2523-1
Description:
 The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
Ubuntu-Description:
Notes:
 mdeslaur> introduced by http://svn.apache.org/viewvc?view=revision&revision=1594537
 mdeslaur> only affects 2.4.10
Bugs:
Priority: low
Discovered-by: Teguh P. Alko
Assigned-to: mdeslaur
CVSS:

Patches_apache2:
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1638818
 upstream: https://github.com/apache/httpd/commit/55ad7eb6a83b25282727e3b8baad43db15dbc29b (2.4.x)
upstream_apache2: released (2.4.11)
lucid_apache2: not-affected (code not present)
precise_apache2: not-affected (code not present)
trusty_apache2: not-affected (2.4.7-1ubuntu4.1)
trusty/esm_apache2: not-affected (2.4.7-1ubuntu4.1)
utopic_apache2: released (2.4.10-1ubuntu1.1)
devel_apache2: not-affected (2.4.10-8ubuntu2)