Denial of Service Vulnerability in Apache HTTP Server Mod_Proxy_Fcgi
CVE-2014-3583

Currently unrated

Key Information:

Vendor

Apple
Status
Mac Os X
Os X Server
Vendor
CVE Published:
15 December 2014

What is CVE-2014-3583?

The handle_headers function in the mod_proxy_fcgi module of Apache HTTP Server version 2.4.10 is susceptible to a denial of service attack. This vulnerability allows remote FastCGI servers to trigger a buffer over-read, which may result in the crashing of the daemon due to excessively lengthy response headers.

References

http://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1163555
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2523-1
vendor-advisoryx_refsource_UBUNTU

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.