Apache HTTP Server mod_cache DoS Vulnerability

Apache HTTP Server mod_cache DoS Vulnerability

Release date: 2014-10-07
Updated on:

Affected Systems:
Apache Group HTTP Server 2.4.x
Apache Group HTTP Server 2.2.x
Description:
CVE (CAN) ID: CVE-2014-3581

Apache HTTP Server is an open-source Web Server of the Apache Software Foundation. It can run in most computer operating systems. Because of its wide use of multiple platforms and security, is one of the most popular Web server software. It is fast, reliable, and can be used to compile interpreters such as Perl/Python into the server through simple API extensions.

Apache HTTP Server 2.4.10 has a null pointer indirect reference error in the "cache_merge_headers_out ()" function (modules/cache/cache_util.c). Attackers can use the content-type field with a null value, this vulnerability can cause a crash.

<* Source: vendor

Link: http://secunia.com/advisories/61539/
*>

Suggestion:
Vendor patch:

Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES? View = markup & pathrev = 1627749

-------------------------------------- Split line --------------------------------------

Install the LAMP \ Vsftpd \ Webmin \ phpMyAdmin service and settings in Ubuntu 13.04

Compile and install LAMP in CentOS 5.9 (Apache 2.2.44 + MySQL 5.6.10 + PHP 5.4.12)

Source code for Web server architecture in RedHat 5.4 build the LAMP environment and application PHPWind

Build a WEB Server Linux + Apache + MySQL + PHP in the LAMP source code Environment

LAMP + Xcache environment setup

-------------------------------------- Split line --------------------------------------

This article permanently updates the link address: