| ID |
CVE-2014-3581
|
| Summary |
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:apache:apache_http_server:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache_http_server:2.4.0:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:apache_http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache_http_server:2.4.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:apache_http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache_http_server:2.4.2:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:apache_http_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache_http_server:2.4.3:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:apache_http_server:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache_http_server:2.4.4:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:apache_http_server:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache_http_server:2.4.5:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:apache_http_server:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache_http_server:2.4.6:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:apache_http_server:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache_http_server:2.4.7:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:apache_http_server:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache_http_server:2.4.8:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:apache_http_server:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache_http_server:2.4.9:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:apache_http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:apache_http_server:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.0 (as of 29-08-2017 - 01:34) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
NONE |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| redhat
via4
|
| advisories | | bugzilla | | id | 1149709 | | title | CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value |
| | oval | | AND | | OR | | comment | Red Hat Enterprise Linux 7 Client is installed | | oval | oval:com.redhat.rhba:tst:20150364001 |
| comment | Red Hat Enterprise Linux 7 Server is installed | | oval | oval:com.redhat.rhba:tst:20150364002 |
| comment | Red Hat Enterprise Linux 7 Workstation is installed | | oval | oval:com.redhat.rhba:tst:20150364003 |
| comment | Red Hat Enterprise Linux 7 ComputeNode is installed | | oval | oval:com.redhat.rhba:tst:20150364004 |
|
| OR | | AND | | comment | httpd is earlier than 0:2.4.6-31.el7 | | oval | oval:com.redhat.rhsa:tst:20150325005 |
| comment | httpd is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20111245017 |
|
| AND | | comment | httpd-devel is earlier than 0:2.4.6-31.el7 | | oval | oval:com.redhat.rhsa:tst:20150325019 |
| comment | httpd-devel is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20111245019 |
|
| AND | | comment | httpd-manual is earlier than 0:2.4.6-31.el7 | | oval | oval:com.redhat.rhsa:tst:20150325007 |
| comment | httpd-manual is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20111245025 |
|
| AND | | comment | httpd-tools is earlier than 0:2.4.6-31.el7 | | oval | oval:com.redhat.rhsa:tst:20150325011 |
| comment | httpd-tools is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20111245023 |
|
| AND | | comment | mod_ldap is earlier than 0:2.4.6-31.el7 | | oval | oval:com.redhat.rhsa:tst:20150325009 |
| comment | mod_ldap is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20140921010 |
|
| AND | | comment | mod_proxy_html is earlier than 1:2.4.6-31.el7 | | oval | oval:com.redhat.rhsa:tst:20150325015 |
| comment | mod_proxy_html is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20140921008 |
|
| AND | | comment | mod_session is earlier than 0:2.4.6-31.el7 | | oval | oval:com.redhat.rhsa:tst:20150325017 |
| comment | mod_session is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20140921016 |
|
| AND | | comment | mod_ssl is earlier than 1:2.4.6-31.el7 | | oval | oval:com.redhat.rhsa:tst:20150325013 |
| comment | mod_ssl is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20111245021 |
|
|
|
| | rhsa | | id | RHSA-2015:0325 | | released | 2015-03-05 | | severity | Low | | title | RHSA-2015:0325: httpd security, bug fix, and enhancement update (Low) |
|
| | rpms | - httpd-0:2.4.6-31.el7
- httpd-devel-0:2.4.6-31.el7
- httpd-manual-0:2.4.6-31.el7
- httpd-tools-0:2.4.6-31.el7
- mod_ldap-0:2.4.6-31.el7
- mod_proxy_html-1:2.4.6-31.el7
- mod_session-0:2.4.6-31.el7
- mod_ssl-1:2.4.6-31.el7
|
|
| refmap
via4
|
| apple | - APPLE-SA-2015-08-13-2
- APPLE-SA-2015-09-16-4
| | bid | 71656 | | confirm | | | gentoo | GLSA-201610-02 | | sectrack | 1031005 | | ubuntu | USN-2523-1 | | xf | apache-cve20143581-dos(97027) |
|
| Last major update |
29-08-2017 - 01:34 |
| Published |
10-10-2014 - 10:55 |
