CVE 2014 3583
Tina Howard edited this page Dec 18, 2016 · 7 revisions
Name: httpd: mod_proxy_fcgi handle_headers() buffer over read
Fix Commit:
- httpd 2.4.11
- r1594537
Vulnerability Commit:
- r1591472
Found By:
- Teguh P. Alko on September 17th, 2014; the vulnerability was publicly released on November 12th, 2014
- Murray McAllister
Fixed By:
- trawick; the fix was released on January 20th, 2015
Bounty: N/A
Description: A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash. This only affected version 2.4.10 of Apache.
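The over-read class named in the title can be illustrated with an added example (not httpd's code and not taken from this page): a scanner for the end of a backend's response headers whose loop is bounded by the number of bytes actually read, with state carried across reads. `scan_headers`, `hdr_state` and the sample input are hypothetical.

```c
#include <stddef.h>

/* How much of the blank-line header terminator has been seen so far. */
enum hdr_state { HDR_TEXT, HDR_CR, HDR_LF, HDR_LFCR, HDR_DONE };

/*
 * Hypothetical helper, not httpd's handle_headers(): consume one chunk read
 * from a backend and advance *state. The loop is bounded by len, never by a
 * terminator byte, so a chunk that fills its buffer cannot cause an over-read.
 * Returns the offset of the first body byte, or -1 if headers continue.
 */
long scan_headers(enum hdr_state *state, const char *buf, size_t len)
{
    if (*state == HDR_DONE)
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = buf[i];
        switch (*state) {
        case HDR_TEXT:
            *state = (c == '\r') ? HDR_CR : (c == '\n') ? HDR_LF : HDR_TEXT;
            break;
        case HDR_CR:
            *state = (c == '\n') ? HDR_LF : (c == '\r') ? HDR_CR : HDR_TEXT;
            break;
        case HDR_LF:
            *state = (c == '\n') ? HDR_DONE : (c == '\r') ? HDR_LFCR : HDR_TEXT;
            break;
        case HDR_LFCR:
            *state = (c == '\n') ? HDR_DONE : (c == '\r') ? HDR_CR : HDR_TEXT;
            break;
        case HDR_DONE:
            break;
        }
        if (*state == HDR_DONE)
            return (long)(i + 1);
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: terminator split across two backend reads. */
    enum hdr_state st = HDR_TEXT;
    long a = scan_headers(&st, "Status: 200\r\n\r", 14);
    long b = scan_headers(&st, "\nbody", 5);
    return (a == -1 && b == 1) ? 0 : 1;
}
```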