Skip to main content

Apache mod_proxy_fcgi Denial of Service Vulnerability

Last Update Date: 16 Dec 2014 09:33 Release Date: 16 Dec 2014 3959 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

A vulnerability was identified in Apache mod_proxy_fcgi. A remote user can cause denial of service conditions.

A remote FastCGI server can return specially crafted response headers to trigger a buffer overflow in handle_headers() function in 'mod_proxy_fcgi.c' and cause the target Apache server to crash.


Impact

  • Denial of Service

System / Technologies affected

  • Version 2.4.10

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (2.4.11-dev).

Vulnerability Identifier


Source


Related Link