PT-2014-8623 · Apache+2 · Apache Http Server+3

Published

2014-11-05

Updated

2019-07-09

CVE-2014-8567

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions mod auth mellon versions prior to 0.8.1

Description The issue allows remote attackers to cause a denial of service, resulting in an Apache HTTP server crash. This is achieved through a crafted logout request that triggers a read of uninitialized data.

Recommendations For versions prior to 0.8.1, update to version 0.8.1 or later to resolve the issue.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CESA-2014_1803

CVE-2014-8567

RHSA-2014:1803

RHSA-2014_1803

Affected Products

Apache Http Server

Centos

Red Hat

Mod Auth Mellon

PT-2014-8623 · Apache+2 · Apache Http Server+3

CVE-2014-8567

Weakness Enumeration

Related Identifiers

Affected Products

References · 11