CVE-2014-8566

Published: Nov 15, 2014Modified: May 6, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."

Affected (2)

Products: Uninett: Mod Auth Mellon · Oracle: Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Uninett Mod Auth Mellon	Up to 0.8.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 6

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://linux.oracle.com/errata/ELSA-2014-1803.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2014-1803.html

Source: cve@mitre.org

http://secunia.com/advisories/62094

Source: cve@mitre.org

http://secunia.com/advisories/62125

Source: cve@mitre.org

https://github.com/UNINETT/mod_auth_mellon/releases/tag/v0.8.1

Source: cve@mitre.org

PatchVendor Advisory

https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.html

Source: cve@mitre.org

PatchVendor Advisory

http://linux.oracle.com/errata/ELSA-2014-1803.html