Versions of Apache HTTP Server older than 2.4.8 are unpatched for the following vulnerabilities:
A denial-of-service vulnerability in the mod_log_config module that can be triggered due to insufficient user-input sanitation when logging a cookie with an unassigned value (CVE-2014-0098)
A denial-of-service vulnerability in the mod_dav module that can be triggered when tracking the length of CDATA that includes leading whitespace characters. (CVE-2013-6438)
Binary data 8165.prm
Vendor | Product | Version | CPE |
---|---|---|---|
apache | http_server | cpe:/a:apache:http_server |