Apache mod_dav and mod_log_config Multiple Vulnerabilities
Last Update Date:
19 Mar 2014 17:19
Release Date:
19 Mar 2014
3725
Views
RISK: Medium Risk
TYPE: Servers - Web Servers
Two vulnerabilities have been identified in Apache, which can be exploited by a remote user to cause denial of service conditions.
- A remote user can send specially crafted DAV WRITE requests to trigger a flaw in mod_dav in the processing of spaces within CDATA and cause the target service to crash.
- A remote user can send a specially crafted cookie value to trigger a flaw in mod_log_config and cause the target service to crash.
Impact
- Denial of Service
System / Technologies affected
- Apache versions prior to 2.4.8
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 2.4.9
Vulnerability Identifier
Source
Related Link
Share with