PT-2014-3476 · Apache+5 · Apache Http Server+5

Published: 2014-03-17 · Updated: 2024-06-15 · CVE-2014-0098

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions prior to 2.4.8

Description

The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault and daemon crash. The crash is triggered by a crafted cookie that is not properly handled during truncation in the log_cookie function of the mod_log_config module.

Recommendations

For versions prior to 2.4.8, update to version 2.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod_log_config module until a patch is applied.

Fix

Related Identifiers

ALT-PU-2015-1890
CESA-2014_0370
CVE-2014-0098
HPSBUX03102
HPSBUX03150
MGASA-2014-0135
OPENSUSE-SU-2014_0969-1
OPENSUSE-SU-2024:10268-1
RHSA-2014:0369
RHSA-2014:0370
RHSA-2014:0783
RHSA-2014:0826
RHSA-2014_0369
RHSA-2014_0370
SUSE-SU-2015:0689-1

Affected Products

Alt Linux
Apache Http Server
Centos
Hp-Ux
Red Hat
Suse