CVE 2014 3581
Kemoy
A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled.
The vulnerability was found by Mark Montague on October 10, 2014. According to NVD, the vulnerability affects Apache HTTP Server before 2.4.11. With that being said, it is in all versions below 2.4.1.
## Track Mark Montague

# Patch
A patch version was committed to GitHub by Stefan Fritsch.

## Git fix hashes
- c164ca7383d5f204915d85a5826655d3f1557148
- 421251bae25f2ec2f049efd6f171c117fd38fa5
## Archive communication
Archive communication
Nils

# CVE-2014-3581

### Announced
2014-05-14

## Bounty
None

### Bug Introduced
Introduced at revision 1004220
URL: https://svn.apache.org/viewvc?view=revision&revision=1004220

### Found by
Mark Montague
Resume page: https://markmont.github.io/resume/

### Fixes
Fixed at revision 1624234
URL: https://svn.apache.org/viewvc?view=revision&revision=1624234

### Description
Dereferencing a Content-Type header that is null causes a segmentation fault and denial of service.

### Discussion
Jan K. started messaging people about the potential vulnerability. There were updates about how he successfully duplicated the vulnerability. There was a roundabout fix without getting to the heart of the problem. They discuss the design of the fix briefly here. Everyone is wary so they don’t mess up the design.
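The failure mode in the description (a Content-Type value that is NULL being dereferenced) and the guard that prevents it, as an added example that is not mod_cache source code. The header table, `header_get` and `cached_media_type` are hypothetical stand-ins, and the sample responses are constructed.

```c
#include <ctype.h>
#include <string.h>

/* Constructed stand-in for a response header table (not httpd's own types). */
struct header { const char *name; const char *value; };

/* Case-insensitive header-name comparison. */
static int name_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b; /* equal only if both strings ended together */
}

/* Returns the header value, or NULL when the backend did not send it. */
static const char *header_get(const struct header *h, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (name_eq(h[i].name, name))
            return h[i].value;
    return NULL;
}

/* Unsafe pattern, kept as a comment: with no Content-Type this passes NULL to
 * strcspn(), which is undefined behaviour and in practice crashes the worker:
 *     size_t len = strcspn(header_get(h, n, "Content-Type"), "; \t"); */

/* Hardened form: copy the media type (the text before ';') into out.
 * Returns 0 on success, -1 if the header is missing, empty or too long. */
int cached_media_type(const struct header *h, size_t n, char *out, size_t outlen)
{
    const char *ctype = header_get(h, n, "Content-Type");
    if (ctype == NULL || out == NULL || outlen == 0)
        return -1;
    size_t len = strcspn(ctype, "; \t");
    if (len == 0 || len >= outlen)
        return -1;
    memcpy(out, ctype, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    struct header resp[] = { { "ETag", "\"abc\"" } }; /* constructed: no Content-Type */
    char buf[32];
    return cached_media_type(resp, 1, buf, sizeof buf) == -1 ? 0 : 1;
}
```

The caller treats -1 as "do not store or merge a content type" instead of letting the request die inside the header handling.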