Описание
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
A denial of service flaw was found in the mod_proxy httpd module. A remote attacker could send a specially crafted request to a server configured as a reverse proxy using a threaded Multi-Processing Modules (MPM) that would cause the httpd child process to crash.
Отчет
This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5 and 6, Red Hat JBoss Web Server, and Red Hat JBoss Enterprise Application Platform. These products include httpd 2.2, and only httpd versions 2.4.6 through 2.4.9 include the vulnerable code.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Directory Server 8 | httpd | Not affected | ||
| Red Hat Enterprise Linux 5 | httpd | Not affected | ||
| Red Hat Enterprise Linux 6 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | others | Not affected | ||
| Red Hat JBoss Enterprise Web Server 2 | httpd | Not affected | ||
| Red Hat Enterprise Linux 7 | httpd | Fixed | RHSA-2014:0921 | 23.07.2014 |
| Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | httpd24-httpd | Fixed | RHSA-2014:0922 | 23.07.2014 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, wh ...
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
Уязвимость программного обеспечения Apache HTTP Server, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
EPSS
5 Medium
CVSS2