CVE-2014-3583

Name of the Vulnerable Software and Affected Versions Apache HTTP Server version 2.4.10

Description The issue allows remote FastCGI servers to cause a denial of service, resulting in a buffer over-read and daemon crash, via long response headers. This is due to an out-of-bounds memory read in the mod proxy fcgi module. A malicious FastCGI server could send a carefully crafted response, leading to a crash when reading past the end of a heap memory or stack buffer.

Recommendations For Apache HTTP Server version 2.4.10, consider disabling the handle headers function in the mod proxy fcgi module as a temporary workaround until a patch is available. Restrict access to the mod proxy fcgi module to minimize the risk of exploitation.