5

CVE-2014-0098

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.2.0 < 2.2.27
ApacheHTTP Server Version >= 2.4.1 < 2.4.9
OracleHTTP Server Version10.1.3.5.0
OracleHTTP Server Version11.1.1.7.0
OracleHTTP Server Version12.1.2.0
OracleHTTP Server Version12.1.3.0
OracleSecure Global Desktop Version4.63
OracleSecure Global Desktop Version4.71
OracleSecure Global Desktop Version5.0
OracleSecure Global Desktop Version5.1
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 47.4% 0.976
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
http://seclists.org/fulldisclosure/2014/Dec/23
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=141390017113542&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=141017844705317&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://www.securityfocus.com/bid/66303
Third Party Advisory
VDB Entry