CVE-2014-0117

Published: Jul 20, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.

Affected (5)

Products: Apache: Http Server · Apple: Mac Os X

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	Version 2.4.6
Apache Http Server	Version 2.4.7
Apache Http Server	Version 2.4.8
Apache Http Server	Version 2.4.9

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Up to 10.10.2

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (48)

http://advisories.mageia.org/MGASA-2014-0305.html

Source: secalert@redhat.com

http://httpd.apache.org/security/vulnerabilities_24.html

Source: secalert@redhat.com

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2014/Jul/117

Source: secalert@redhat.com

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c

Source: secalert@redhat.com

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1599486&r2=1610674&diff_format=h

Source: secalert@redhat.com

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c

Source: secalert@redhat.com

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?r1=1609680&r2=1610674&diff_format=h

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Source: secalert@redhat.com

http://zerodayinitiative.com/advisories/ZDI-14-239/

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1120599

Source: secalert@redhat.com

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://support.apple.com/HT204659

Source: secalert@redhat.com

http://advisories.mageia.org/MGASA-2014-0305.html