CVE-2014-3581
Published: 10 October 2014
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.
Notes
Author | Note |
---|---|
mdeslaur | per upstream bug, 2.2 is not affected |
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(2.2.14-5ubuntu8.14)
|
precise |
Not vulnerable
(2.2.22-1ubuntu1.7)
|
|
trusty |
Released
(2.4.7-1ubuntu4.4)
|
|
upstream |
Released
(2.4.10-3)
|
|
utopic |
Released
(2.4.10-1ubuntu1.1)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1624234 upstream: https://github.com/apache/httpd/commit/c164ca7383d5f204915d85a5826655d3f1557148 |