CVE-2014-3581

Published: Oct 10, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

Affected (31)

Products: Apache: Http Server · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Tus · +1 more

Show all products

Apache: Http Server · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Tus · Oracle: Enterprise Manager Ops Center, Linux

1 product

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server Tus

Oracle

2 products

Enterprise Manager Ops Center

Linux

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	Version 2.4.10
Apache Http Server	Version 2.4.1
Apache Http Server	Version 2.4.2
Apache Http Server	Version 2.4.3
Apache Http Server	Version 2.4.4
Apache Http Server	Version 2.4.6
Apache Http Server	Version 2.4.7
Apache Http Server	Version 2.4.9

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Configuration C

14 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.3
Redhat Enterprise Linux Eus	Version 7.4
Redhat Enterprise Linux Eus	Version 7.5
Redhat Enterprise Linux Eus	Version 7.6
Redhat Enterprise Linux Eus	Version 7.7
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.3
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Server Aus	Version 7.7
Redhat Enterprise Linux Server Tus	Version 7.3
Redhat Enterprise Linux Server Tus	Version 7.6
Redhat Enterprise Linux Server Tus	Version 7.7

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Oracle Enterprise Manager Ops Center	Before 12.1.4
Oracle Enterprise Manager Ops Center	Version 12.2.0
Oracle Enterprise Manager Ops Center	Version 12.2.1
Oracle Enterprise Manager Ops Center	Version 12.3.0
Oracle Linux	Version 6

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (58)

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Source: secalert@redhat.com

Broken LinkMailing List

http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html

Source: secalert@redhat.com

Broken LinkMailing List

http://rhn.redhat.com/errata/RHSA-2015-0325.html

Source: secalert@redhat.com

Third Party Advisory

http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&pathrev=1627749

Source: secalert@redhat.com

Release NotesVendor Advisory

http://svn.apache.org/viewvc?view=revision&revision=1624234

Source: secalert@redhat.com

PatchVendor Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/71656

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1031005

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2523-1

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1149709

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/97027

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201610-02

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/HT205219

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/kb/HT205031

Source: secalert@redhat.com

Third Party Advisory

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html