CVE-2014-0098
CVE-2014-0098
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://advisories.mageia.org/MGASA-2014-0135.htmlhttp://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://marc.info/?l=bugtraq&m=141017844705317&w=2http://marc.info/?l=bugtraq&m=141390017113542&w=2https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1http://seclists.org/fulldisclosure/2014/Dec/23http://secunia.com/advisories/58230http://secunia.com/advisories/58915http://secunia.com/advisories/59219http://secunia.com/advisories/59315