Lucene search
Ubuntu.comUB:CVE-2014-3581HistoryOct 10, 2014 - 12:00 a.m.
CVE-2014-3581
2014-10-1000:00:00
ubuntu.com
ubuntu.com
9
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.063 Low
EPSS
Percentile
93.6%
The cache_merge_headers_out function in modules/cache/cache_util.c in the
mod_cache module in the Apache HTTP Server before 2.4.11 allows remote
attackers to cause a denial of service (NULL pointer dereference and
application crash) via an empty HTTP Content-Type header.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | per upstream bug, 2.2 is not affected |
Related
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:05:52
openvas
openvas
Apache HTTP Server DoS Vulnerability (Sep 2014) - Linux
2021-11-01 00:00:00
RedHat Update for httpd RHSA-2015:0325-01
2015-03-06 00:00:00
Oracle: Security Advisory (ELSA-2015-0325)
2015-10-06 00:00:00
cve
cve
CVE-2014-3581
2014-10-10 10:55:00
prion
prion
Null pointer dereference
2014-10-10 10:55:00
httpd
httpd
Apache Httpd < 2.4.12 : mod_cache crash with empty Content-Type header
2014-09-08 00:00:00
debiancve
debiancve
CVE-2014-3581
2014-10-10 10:55:00
nessus
nessus
Oracle Linux 7 : httpd (ELSA-2015-0325)
2015-03-13 00:00:00
RHEL 7 : httpd (RHSA-2015:0325)
2015-03-05 00:00:00
Debian DLA-71-1 : apache2 security update
2015-03-26 00:00:00
oraclelinux
oraclelinux
httpd security, bug fix, and enhancement update
2015-03-11 00:00:00
httpd24-httpd security and bug fix update
2016-02-04 00:00:00
redhat
redhat
(RHSA-2015:0325) Low: httpd security, bug fix, and enhancement update
2015-03-05 00:00:00
(RHSA-2014:1972) Low: httpd24-httpd security and bug fix update
2014-12-09 00:00:00
(RHSA-2015:2660) Moderate: Red Hat JBoss Web Server 3.0.2 security update
2015-12-16 18:09:36
osv
osv
apache2 - security update
2014-10-16 00:00:00
debian
debian
[SECURITY] [DLA 71-1] apache2 security update
2014-10-16 10:10:48
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2015-03-17 13:28:17
mageia
mageia
Updated apache packages fix security vulnerabilities
2014-12-13 23:16:05
f5
f5
Apache vulnerabilities CVE-2014-8109, CVE-2014-3581, CVE-2014-3583
2015-07-03 00:14:00
fedora
fedora
[SECURITY] Fedora 21 Update: httpd-2.4.10-15.fc21
2015-03-16 01:41:46
[SECURITY] Fedora 20 Update: httpd-2.4.10-2.fc20
2015-02-28 10:22:55
amazon
amazon
Low: httpd24
2015-02-12 10:57:00
freebsd
freebsd
apache24 -- several vulnerabilities
2015-01-29 00:00:00
slackware
slackware
[slackware-security] httpd
2015-04-22 01:20:26
gentoo
gentoo
Apache: Multiple vulnerabilities
2016-10-06 00:00:00
securityvulns
securityvulns
[USN-2523-1] Apache HTTP Server vulnerabilities
2015-03-15 00:00:00
Apache multiple security vulnerabilities
2015-04-16 00:00:00
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
2015-08-17 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2015-03-10 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2016
2016-01-19 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.063 Low
EPSS
Percentile
93.6%
Related for UB:CVE-2014-3581