Launchpad CVE tracker

CVE 2014-3583

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

Related bugs and status

CVE-2014-3583 (Candidate) is related to these bugs:

Bug #1415437: UPDATE REQUEST: httpd24u 2.4.12 is available upstream

Summary				In	Importance	Status
	1415437	UPDATE REQUEST: httpd24u 2.4.12 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1425141: mod_headers CVE-2013-5704

		In	Importance	Status
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu)	Undecided	Fix Released
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu Precise)	Low	Fix Released
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu Trusty)	Low	Fix Released
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu Lucid)	Low	Fix Released
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu Vivid)	Undecided	Fix Released
1425141	mod_headers CVE-2013-5704	apache2 (Ubuntu Utopic)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-3583

References