SB2014041716 - Input validation error in apache2 (Alpine package)
Published: April 17, 2014
Security Bulletin ID
SB2014041716
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2014-0098)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=83628e2c6a82bbb3e9b36cec3d903d7004e90c5d
- https://git.alpinelinux.org/aports/commit/?id=78e0a593413a5ed7449a690ec8c07fc81cf48362
- https://git.alpinelinux.org/aports/commit/?id=6499c73a4c09c49fabf2c744656defc5b0f7aa96
- https://git.alpinelinux.org/aports/commit/?id=96c84fd65048e19eb1259c5a8d21225029386f7d