CVE
CVE-2014-0098
Date: (C)2014-07-12   (M)2019-11-22


The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/archive/1/534161/100/0/threaded
http://seclists.org/fulldisclosure/2015/Apr/5
SECUNIA-58230
SECUNIA-58915
SECUNIA-59219
SECUNIA-59315
SECUNIA-59345
SECUNIA-60536
BID-66303
APPLE-SA-2014-10-16-1
APPLE-SA-2015-04-08-2
GLSA-201408-12
HPSBUX03150
IAVM:2014-A-0084
SSRT101681
USN-2152-1
http://advisories.mageia.org/MGASA-2014-0135.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&r2=1575400&diff_format=h
http://www-01.ibm.com/support/docview.wss?uid=swg21668973
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
http://www-01.ibm.com/support/docview.wss?uid=swg21676092
http://www.apache.org/dist/httpd/CHANGES_2.4.9
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1
https://httpd.apache.org/security/vulnerabilities_24.html
https://puppet.com/security/cve/cve-2014-0098
https://support.apple.com/HT204659
https://support.apple.com/kb/HT6535

CPE    94
cpe:/a:apache:http_server:2.3.16
cpe:/a:apache:http_server:2.3.14
cpe:/a:apache:http_server:2.3.15
cpe:/a:apache:http_server:2.3.0
...
CWE    1
CWE-20
OVAL    16
oval:org.secpod.oval:def:24460
oval:org.secpod.oval:def:21746
oval:org.secpod.oval:def:1500438
oval:org.secpod.oval:def:1300287
...

© SecPod Technologies