PT-2014-5405 · Apache+1 · Apache Http Server+1

Teguh P. Alko

Published

2014-11-12

Updated

2024-06-15

CVE-2014-3583

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache HTTP Server version 2.4.10

Description The issue allows remote FastCGI servers to cause a denial of service, resulting in a buffer over-read and daemon crash, via long response headers. This is due to an out-of-bounds memory read in the mod proxy fcgi module. A malicious FastCGI server could send a carefully crafted response, leading to a crash when reading past the end of a heap memory or stack buffer.

Recommendations For Apache HTTP Server version 2.4.10, consider disabling the handle headers function in the mod proxy fcgi module as a temporary workaround until a patch is available. Restrict access to the mod proxy fcgi module to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2014-3583

OPENSUSE-SU-2024:10268-1

RHSA-2015:1855

USN-2523-1

Affected Products

Apache Http Server

Ubuntu

PT-2014-5405 · Apache+1 · Apache Http Server+1

CVE-2014-3583

Weakness Enumeration

Related Identifiers

Affected Products

References · 98