5

CVE-2014-0098

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.2.0 < 2.2.27
ApacheHTTP Server Version >= 2.4.1 < 2.4.9
OracleHTTP Server Version10.1.3.5.0
OracleHTTP Server Version11.1.1.7.0
OracleHTTP Server Version12.1.2.0
OracleHTTP Server Version12.1.3.0
OracleSecure Global Desktop Version4.63
OracleSecure Global Desktop Version4.71
OracleSecure Global Desktop Version5.0
OracleSecure Global Desktop Version5.1
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 26% 0.977
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Third Party Advisory
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://httpd.apache.org/security/vulnerabilities_24.html
Vendor Advisory
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E
http://seclists.org/fulldisclosure/2014/Dec/23
Third Party Advisory
Mailing List
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
Third Party Advisory
http://marc.info/?l=bugtraq&m=141390017113542&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
Broken Link
https://support.apple.com/kb/HT6535
Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Broken Link
Mailing List
https://support.apple.com/HT204659
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676091
Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676092
Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0135.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=141017844705317&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://secunia.com/advisories/58230
Not Applicable
http://secunia.com/advisories/59315
Not Applicable
http://secunia.com/advisories/59345
Not Applicable
http://secunia.com/advisories/60536
Not Applicable
http://security.gentoo.org/glsa/glsa-201408-12.xml
Third Party Advisory
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
Vendor Advisory
http://www.apache.org/dist/httpd/CHANGES_2.4.9
Broken Link
http://www.securityfocus.com/bid/66303
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2152-1
Third Party Advisory
https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1
Third Party Advisory
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/58915
Not Applicable
http://secunia.com/advisories/59219
Not Applicable
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html
Third Party Advisory
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c
Vendor Advisory
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&r2=1575400&diff_format=h
Patch
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21668973
Third Party Advisory
https://puppet.com/security/cve/cve-2014-0098
Third Party Advisory