Denial of Service Vulnerability in Apache HTTP Server Mod_Proxy_Fcgi
CVE-2014-3583

Currently unrated

Key Information:

Vendor: Apple
Status: Mac Os X; Os X Server
Vendor: CVE Published:; 15 December 2014

Summary

The handle_headers function in the mod_proxy_fcgi module of Apache HTTP Server version 2.4.10 is susceptible to a denial of service attack. This vulnerability allows remote FastCGI servers to trigger a buffer over-read, which may result in the crashing of the daemon due to excessively lengthy response headers.

References

http://httpd.apache.org/security/vulnerabilities_24.html

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1163555

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-2523-1

vendor-advisoryx_refsource_UBUNTU

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 15, 2014
Vulnerability Reserved
May 14, 2014