CVE-2014-3581 - The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Ap

CVE-2014-3581

Summary

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

References

Vulnerable Configurations

cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.3:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 07-09-2022 - 17:34)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1149709
title	CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment httpd is earlier than 0:2.4.6-31.el7
oval oval:com.redhat.rhsa:tst:20150325001
comment httpd is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194002
AND
comment httpd-devel is earlier than 0:2.4.6-31.el7
oval oval:com.redhat.rhsa:tst:20150325003
comment httpd-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194004
AND
comment httpd-manual is earlier than 0:2.4.6-31.el7
oval oval:com.redhat.rhsa:tst:20150325005
comment httpd-manual is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194006
AND
comment httpd-tools is earlier than 0:2.4.6-31.el7
oval oval:com.redhat.rhsa:tst:20150325007
comment httpd-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194008
AND
comment mod_ldap is earlier than 0:2.4.6-31.el7
oval oval:com.redhat.rhsa:tst:20150325009
comment mod_ldap is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194010

AND

comment mod_proxy_html is earlier than 1:2.4.6-31.el7
oval oval:com.redhat.rhsa:tst:20150325011
comment mod_proxy_html is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194012

AND
comment mod_session is earlier than 0:2.4.6-31.el7
oval oval:com.redhat.rhsa:tst:20150325013
comment mod_session is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194014
AND
comment mod_ssl is earlier than 1:2.4.6-31.el7
oval oval:com.redhat.rhsa:tst:20150325015
comment mod_ssl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194016

rhsa

id	RHSA-2015:0325
released	2015-03-05
severity	Low
title	RHSA-2015:0325: httpd security, bug fix, and enhancement update (Low)

rpms

httpd24-httpd-0:2.4.6-22.el6
httpd24-httpd-0:2.4.6-25.el7
httpd24-httpd-debuginfo-0:2.4.6-22.el6
httpd24-httpd-debuginfo-0:2.4.6-25.el7
httpd24-httpd-devel-0:2.4.6-22.el6
httpd24-httpd-devel-0:2.4.6-25.el7
httpd24-httpd-manual-0:2.4.6-22.el6
httpd24-httpd-manual-0:2.4.6-25.el7
httpd24-httpd-tools-0:2.4.6-22.el6
httpd24-httpd-tools-0:2.4.6-25.el7
httpd24-mod_ldap-0:2.4.6-22.el6
httpd24-mod_ldap-0:2.4.6-25.el7
httpd24-mod_proxy_html-1:2.4.6-22.el6
httpd24-mod_proxy_html-1:2.4.6-25.el7
httpd24-mod_session-0:2.4.6-22.el6
httpd24-mod_session-0:2.4.6-25.el7
httpd24-mod_ssl-1:2.4.6-22.el6
httpd24-mod_ssl-1:2.4.6-25.el7
httpd-0:2.4.6-31.el7
httpd-debuginfo-0:2.4.6-31.el7
httpd-devel-0:2.4.6-31.el7
httpd-manual-0:2.4.6-31.el7
httpd-tools-0:2.4.6-31.el7
mod_ldap-0:2.4.6-31.el7
mod_proxy_html-1:2.4.6-31.el7
mod_session-0:2.4.6-31.el7
mod_ssl-1:2.4.6-31.el7
apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el6
apache-commons-collections-tomcat-eap6-0:3.2.1-18.redhat_7.1.ep6.el6
httpd24-0:2.4.6-59.ep7.el6
httpd24-debuginfo-0:2.4.6-59.ep7.el6
httpd24-devel-0:2.4.6-59.ep7.el6
httpd24-manual-0:2.4.6-59.ep7.el6
httpd24-tools-0:2.4.6-59.ep7.el6
mod_bmx-0:0.9.5-7.GA.ep7.el6
mod_bmx-debuginfo-0:0.9.5-7.GA.ep7.el6
mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el6
mod_cluster-native-debuginfo-0:1.3.1-6.Final_redhat_2.ep7.el6
mod_ldap24-0:2.4.6-59.ep7.el6
mod_proxy24_html-1:2.4.6-59.ep7.el6
mod_session24-0:2.4.6-59.ep7.el6
mod_ssl24-1:2.4.6-59.ep7.el6
tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el6
tomcat7-0:7.0.59-42_patch_01.ep7.el6
tomcat7-admin-webapps-0:7.0.59-42_patch_01.ep7.el6
tomcat7-docs-webapp-0:7.0.59-42_patch_01.ep7.el6
tomcat7-el-2.2-api-0:7.0.59-42_patch_01.ep7.el6
tomcat7-javadoc-0:7.0.59-42_patch_01.ep7.el6
tomcat7-jsp-2.2-api-0:7.0.59-42_patch_01.ep7.el6
tomcat7-lib-0:7.0.59-42_patch_01.ep7.el6
tomcat7-log4j-0:7.0.59-42_patch_01.ep7.el6
tomcat7-servlet-3.0-api-0:7.0.59-42_patch_01.ep7.el6
tomcat7-webapps-0:7.0.59-42_patch_01.ep7.el6
tomcat8-0:8.0.18-52_patch_01.ep7.el6
tomcat8-admin-webapps-0:8.0.18-52_patch_01.ep7.el6
tomcat8-docs-webapp-0:8.0.18-52_patch_01.ep7.el6
tomcat8-el-2.2-api-0:8.0.18-52_patch_01.ep7.el6
tomcat8-javadoc-0:8.0.18-52_patch_01.ep7.el6
tomcat8-jsp-2.3-api-0:8.0.18-52_patch_01.ep7.el6
tomcat8-lib-0:8.0.18-52_patch_01.ep7.el6
tomcat8-log4j-0:8.0.18-52_patch_01.ep7.el6
tomcat8-servlet-3.1-api-0:8.0.18-52_patch_01.ep7.el6
tomcat8-webapps-0:8.0.18-52_patch_01.ep7.el6
apache-commons-collections-eap6-0:3.2.1-18.redhat_7.1.ep6.el7
apache-commons-collections-tomcat-eap6-0:3.2.1-18.redhat_7.1.ep6.el7
httpd24-0:2.4.6-59.ep7.el7
httpd24-debuginfo-0:2.4.6-59.ep7.el7
httpd24-devel-0:2.4.6-59.ep7.el7
httpd24-manual-0:2.4.6-59.ep7.el7
httpd24-tools-0:2.4.6-59.ep7.el7
mod_bmx-0:0.9.5-7.GA.ep7.el7
mod_bmx-debuginfo-0:0.9.5-7.GA.ep7.el7
mod_cluster-native-0:1.3.1-6.Final_redhat_2.ep7.el7
mod_cluster-native-debuginfo-0:1.3.1-6.Final_redhat_2.ep7.el7
mod_ldap24-0:2.4.6-59.ep7.el7
mod_proxy24_html-1:2.4.6-59.ep7.el7
mod_session24-0:2.4.6-59.ep7.el7
mod_ssl24-1:2.4.6-59.ep7.el7
tomcat-vault-0:1.0.8-4.Final_redhat_4.1.ep7.el7
tomcat7-0:7.0.59-42_patch_01.ep7.el7
tomcat7-admin-webapps-0:7.0.59-42_patch_01.ep7.el7
tomcat7-docs-webapp-0:7.0.59-42_patch_01.ep7.el7
tomcat7-el-2.2-api-0:7.0.59-42_patch_01.ep7.el7
tomcat7-javadoc-0:7.0.59-42_patch_01.ep7.el7
tomcat7-jsp-2.2-api-0:7.0.59-42_patch_01.ep7.el7
tomcat7-lib-0:7.0.59-42_patch_01.ep7.el7
tomcat7-log4j-0:7.0.59-42_patch_01.ep7.el7
tomcat7-servlet-3.0-api-0:7.0.59-42_patch_01.ep7.el7
tomcat7-webapps-0:7.0.59-42_patch_01.ep7.el7
tomcat8-0:8.0.18-52_patch_01.ep7.el7
tomcat8-admin-webapps-0:8.0.18-52_patch_01.ep7.el7
tomcat8-docs-webapp-0:8.0.18-52_patch_01.ep7.el7
tomcat8-el-2.2-api-0:8.0.18-52_patch_01.ep7.el7
tomcat8-javadoc-0:8.0.18-52_patch_01.ep7.el7
tomcat8-jsp-2.3-api-0:8.0.18-52_patch_01.ep7.el7
tomcat8-lib-0:8.0.18-52_patch_01.ep7.el7
tomcat8-log4j-0:8.0.18-52_patch_01.ep7.el7
tomcat8-servlet-3.1-api-0:8.0.18-52_patch_01.ep7.el7
tomcat8-webapps-0:8.0.18-52_patch_01.ep7.el7

refmap via4

apple	APPLE-SA-2015-08-13-2 APPLE-SA-2015-09-16-4
bid	71656
confirm	http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&pathrev=1627749 http://svn.apache.org/viewvc?view=revision&revision=1624234 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html https://bugzilla.redhat.com/show_bug.cgi?id=1149709 https://support.apple.com/HT205219 https://support.apple.com/kb/HT205031
gentoo	GLSA-201610-02
mlist	[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
sectrack	1031005
ubuntu	USN-2523-1
xf	apache-cve20143581-dos(97027)

Last major update

07-09-2022 - 17:34

Published

10-10-2014 - 10:55

Last modified

07-09-2022 - 17:34