The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 02:20
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
07 Sep 2022, 17:34
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Redhat enterprise Linux Eus
Redhat enterprise Linux Server Tus Redhat Redhat enterprise Linux Server Oracle enterprise Manager Ops Center Canonical ubuntu Linux Canonical Apache http Server Oracle linux Oracle Redhat enterprise Linux Server Aus Redhat enterprise Linux Desktop |
|
| CPE | cpe:2.3:a:apache:apache_http_server:*:*:*:*:*:*:*:* cpe:2.3:a:apache:apache_http_server:2.4.4:*:*:*:*:*:*:* cpe:2.3:a:apache:apache_http_server:2.4.6:*:*:*:*:*:*:* cpe:2.3:a:apache:apache_http_server:2.4.7:*:*:*:*:*:*:* cpe:2.3:a:apache:apache_http_server:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:apache:apache_http_server:2.4.5:*:*:*:*:*:*:* cpe:2.3:a:apache:apache_http_server:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:apache:apache_http_server:2.4.3:*:*:*:*:*:*:* cpe:2.3:a:apache:apache_http_server:2.4.8:*:*:*:*:*:*:* cpe:2.3:a:apache:apache_http_server:2.4.9:*:*:*:*:*:*:* |
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:*:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:* |
| References | (CONFIRM) https://support.apple.com/HT205219 - Third Party Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html - Third Party Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (BID) http://www.securityfocus.com/bid/71656 - Third Party Advisory, VDB Entry | |
| References | (CONFIRM) http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&pathrev=1627749 - Release Notes, Vendor Advisory | |
| References | (SECTRACK) http://www.securitytracker.com/id/1031005 - Broken Link, Third Party Advisory, VDB Entry | |
| References | (MLIST) https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (APPLE) http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html - Broken Link, Mailing List | |
| References | (MLIST) https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (GENTOO) https://security.gentoo.org/glsa/201610-02 - Third Party Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-0325.html - Third Party Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (APPLE) http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html - Broken Link, Mailing List | |
| References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/97027 - Third Party Advisory, VDB Entry | |
| References | (MLIST) https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (UBUNTU) http://www.ubuntu.com/usn/USN-2523-1 - Third Party Advisory | |
| References | (CONFIRM) http://svn.apache.org/viewvc?view=revision&revision=1624234 - Patch, Vendor Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html - Third Party Advisory | |
| References | (CONFIRM) https://support.apple.com/kb/HT205031 - Third Party Advisory | |
| References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1149709 - Issue Tracking, Patch, Third Party Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| References | (MLIST) https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E - Mailing List, Vendor Advisory | |
| CWE | CWE-476 |
06 Jun 2021, 11:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
03 Jun 2021, 08:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
30 Mar 2021, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Information
Published : 2014-10-10 10:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-3581
Mitre link : CVE-2014-3581
CVE.ORG link : CVE-2014-3581
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux_eus
- enterprise_linux_desktop
- enterprise_linux_server_tus
- enterprise_linux_server_aus
canonical
- ubuntu_linux
oracle
- enterprise_manager_ops_center
- linux
apache
- http_server
CWE
CWE-476
NULL Pointer Dereference