CVE-2014-3581: NULL Pointer Dereference in Apache HTTP Server

Severity: 5.0 MEDIUM (NVD)
EPSS: 4.8% (top 10.49%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 10
Latest update: May 13

Description

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 5 packages

Also affects: Ubuntu Linux 10.04, 12.04, 14.04, 14.10, Enterprise Linux 7.3, 7.4, 7.5, 7.6, 7.7

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-fp3c-hq6w-q3rf: The cache_merge_headers_out function in modules/cache/cache_util (2022-05-13)
OSV: apache2 vulnerabilities (2015-03-10)
CVEList: CVE-2014-3581: The cache_merge_headers_out function in modules/cache/cache_util (2014-10-10)
OSV: CVE-2014-3581: The cache_merge_headers_out function in modules/cache/cache_util (2014-10-10)

📋 Vendor Advisories (5)

Ubuntu: Apache HTTP Server vulnerabilities (2015-03-10)
Red Hat: httpd: NULL pointer dereference in mod_cache if Content-Type has empty value (2014-09-08)
Debian: CVE-2014-3581: apache2 - The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_ca... (2014)
Apple: CVE-2014-3581: OS X Yosemite v10.10.5 and Security Update 2015-006
Apple: CVE-2014-3581: OS X Server v5.0.3

💬 Community (2)

Bugzilla: CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value (2014-10-06)
Bugzilla: CVE-2014-3581 httpd: NULL pointer dereference in mod_cache if Content-Type has empty value [fedora-all] (2014-10-06)