CVE Vulnerabilities

CVE-2014-0098

Published: Mar 18, 2014 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 LOW
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

Affected Software

Name Vendor Start Version End Version
Http_server Apache 2.2.0 (including) 2.2.27 (excluding)
Http_server Apache 2.4.1 (including) 2.4.9 (excluding)
Red Hat Enterprise Linux 5 RedHat httpd-0:2.2.3-85.el5_10 *
Red Hat Enterprise Linux 6 RedHat httpd-0:2.2.15-30.el6_5 *
Red Hat JBoss Enterprise Application Platform 6.2 RedHat *
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 RedHat httpd-0:2.2.22-27.ep6.el5 *
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 RedHat httpd-0:2.2.22-27.ep6.el6 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 RedHat httpd-0:2.2.22-27.ep6.el5 *
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 RedHat httpd-0:2.2.22-27.ep6.el6 *
Red Hat JBoss Web Server 2.0 RedHat httpd *
Apache2 Ubuntu devel *
Apache2 Ubuntu precise *
Apache2 Ubuntu quantal *
Apache2 Ubuntu saucy *
Apache2 Ubuntu upstream *

References