CVE-2014-0098

Published: Mar 18, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

Affected (14)

Products: Apache: Http Server · Oracle: Http Server, Secure Global Desktop · Canonical: Ubuntu Linux

1 product

2 products

Secure Global Desktop

Canonical

1 product

Ubuntu Linux

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 2.2.0 to 2.2.27
Apache Http Server	From 2.4.1 to 2.4.9

Configuration B

8 vulnerable

Vulnerable Software	Affected Versions
Oracle Http Server	Version 10.1.3.5.0
Oracle Http Server	Version 11.1.1.7.0
Oracle Http Server	Version 12.1.2.0
Oracle Http Server	Version 12.1.3.0
Oracle Secure Global Desktop	Version 4.63
Oracle Secure Global Desktop	Version 4.71
Oracle Secure Global Desktop	Version 5.0
Oracle Secure Global Desktop	Version 5.1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10
Canonical Ubuntu Linux	Version 13.10

References (108)

http://advisories.mageia.org/MGASA-2014-0135.html

Source: secalert@redhat.com

Third Party Advisory

http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html

Source: secalert@redhat.com

Broken Link

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698

Source: secalert@redhat.com

Third Party Advisory

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Source: secalert@redhat.com

Broken LinkMailing List

http://marc.info/?l=bugtraq&m=141017844705317&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=141390017113542&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2014/Dec/23

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://secunia.com/advisories/58230

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/58915

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/59219

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/59315

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/59345

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/60536

Source: secalert@redhat.com

Not Applicable

http://security.gentoo.org/glsa/glsa-201408-12.xml

Source: secalert@redhat.com

Third Party Advisory

http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html

Source: secalert@redhat.com

Third Party Advisory

http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES

Source: secalert@redhat.com

Vendor Advisory

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c

Source: secalert@redhat.com

Vendor Advisory

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&r2=1575400&diff_format=h

Source: secalert@redhat.com

PatchVendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21668973

Source: secalert@redhat.com

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676091

Source: secalert@redhat.com

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21676092

Source: secalert@redhat.com

Third Party Advisory

http://www.apache.org/dist/httpd/CHANGES_2.4.9

Source: secalert@redhat.com

Broken Link

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/archive/1/534161/100/0/threaded

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/66303

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2152-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Source: secalert@redhat.com

Third Party Advisory

https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1

Source: secalert@redhat.com

Third Party Advisory

https://httpd.apache.org/security/vulnerabilities_24.html

Source: secalert@redhat.com

Vendor Advisory

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://puppet.com/security/cve/cve-2014-0098

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/HT204659

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/kb/HT6535

Source: secalert@redhat.com

Third Party Advisory

http://advisories.mageia.org/MGASA-2014-0135.html