Описание
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
A buffer overflow flaw was found in mod_proxy_fcgi's handle_headers() function. A malicious FastCGI server that httpd is configured to connect to could send a carefully crafted response that would cause an httpd child process handling the request to crash.
Отчет
Not vulnerable. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 5, 6 and 7, Red Hat Software Collections 1, Red Hat JBoss Web Server 1 and 2, and Red Hat JBoss Enterprise Application Platform 6.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.2 | mod_proxy_fcgi | Affected | ||
| Red Hat Directory Server 8 | httpd | Not affected | ||
| Red Hat Enterprise Linux 5 | httpd | Not affected | ||
| Red Hat Enterprise Linux 6 | httpd | Not affected | ||
| Red Hat Enterprise Linux 7 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | httpd | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | others | Not affected | ||
| Red Hat JBoss Enterprise Web Server 2 | httpd | Not affected | ||
| Red Hat Software Collections | httpd24-httpd | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
2.6 Low
CVSS2
Связанные уязвимости
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi ...
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
EPSS
2.6 Low
CVSS2