ALAS-2014-331 ---- httpdID: oval:org.secpod.oval:def:1600004 | Date: (C)2016-01-07 (M)2023-12-07 |
Class: PATCH | Family: unix |
It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module , a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A buffer over-read flaw was found in the httpd mod_log_config module. In configurations where cookie logging is enabled, a remote attacker could use this flaw to crash the httpd child process via an HTTP request with a malformed cookie header
Platform: |
Amazon Linux AMI |