CVE-2014-3583

CWE-119 — Buffer Overflow CWE-125 — Out-of-bounds Read11 documents9 sources

Severity

5.0MEDIUM

EPSS

41.8%

top 2.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Apple MAC OS X Apple OS X Server +1 more

Timeline

PublishedDec 15

Latest updateMay 13

Description

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDapache/http_server2.4.10

▶Debianapache2< 2.4.10-8+3

▶NVDapple/os_x_server5.0.3

▶NVDapple/mac_os_x6 versions+5

Also affects: Ubuntu Linux 10.04, 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-jh98-gwvf-4vf3: The handle_headers function in mod_proxy_fcgi↗2022-05-13

▶

OSV

CVE-2014-3583: The handle_headers function in mod_proxy_fcgi↗2014-12-15

▶

CVEList

CVE-2014-3583: The handle_headers function in mod_proxy_fcgi↗2014-12-15

▶

📋Vendor Advisories

Ubuntu

Apache HTTP Server vulnerabilities↗2015-03-10

▶

Red Hat

httpd: mod_proxy_fcgi handle_headers() buffer over read↗2014-10-12

▶

Debian

CVE-2014-3583: apache2 - The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in ...↗2014

▶

Apple

CVE-2014-3583: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

Apple

CVE-2014-3583: OS X Server v5.0.3↗

▶

💬Community

Bugzilla

CVE-2014-3583 httpd: mod_proxy_fcgi heap-based buffer overflow [fedora-all]↗2014-11-13

▶

Bugzilla

CVE-2014-3583 httpd: mod_proxy_fcgi handle_headers() buffer over read↗2014-11-13

▶