Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:APACHE:MOD-LOG-CONFIG-DOS |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache HTTP Server mod_log_config Denial of Service |
Release Date |
2014/04/10 |
Update Number |
2363 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apache HTTP Server mod_log_config Denial of Service
This signature detects attempts to exploit a known vulnerability against Apache HTTP Server. A successful attack can result in a denial-of-service condition.
Extended Description
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Affected Products
- Apache http_server 2.0
- Apache http_server 2.0.28
- Apache http_server 2.0.32
- Apache http_server 2.0.34
- Apache http_server 2.0.35
- Apache http_server 2.0.36
- Apache http_server 2.0.37
- Apache http_server 2.0.38
- Apache http_server 2.0.39
- Apache http_server 2.0.40
- Apache http_server 2.0.41
- Apache http_server 2.0.42
- Apache http_server 2.0.43
- Apache http_server 2.0.44
- Apache http_server 2.0.45
- Apache http_server 2.0.46
- Apache http_server 2.0.47
- Apache http_server 2.0.48
- Apache http_server 2.0.49
- Apache http_server 2.0.50
- Apache http_server 2.0.51
- Apache http_server 2.0.52
- Apache http_server 2.0.53
- Apache http_server 2.0.54
- Apache http_server 2.0.55
- Apache http_server 2.0.56
- Apache http_server 2.0.57
- Apache http_server 2.0.58
- Apache http_server 2.0.59
- Apache http_server 2.0.60
- Apache http_server 2.0.61
- Apache http_server 2.0.63
- Apache http_server 2.0.64
- Apache http_server 2.0.9
- Apache http_server 2.1
- Apache http_server 2.1.1
- Apache http_server 2.1.2
- Apache http_server 2.1.3
- Apache http_server 2.1.4
- Apache http_server 2.1.5
- Apache http_server 2.1.6
- Apache http_server 2.1.7
- Apache http_server 2.1.8
- Apache http_server 2.1.9
- Apache http_server 2.2
- Apache http_server 2.2.0
- Apache http_server 2.2.1
- Apache http_server 2.2.10
- Apache http_server 2.2.11
- Apache http_server 2.2.12
- Apache http_server 2.2.13
- Apache http_server 2.2.14
- Apache http_server 2.2.15
- Apache http_server 2.2.16
- Apache http_server 2.2.17
- Apache http_server 2.2.18
- Apache http_server 2.2.19
- Apache http_server 2.2.2
- Apache http_server 2.2.20
- Apache http_server 2.2.21
- Apache http_server 2.2.22
- Apache http_server 2.2.23
- Apache http_server 2.2.24
- Apache http_server 2.2.25
- Apache http_server 2.2.3
- Apache http_server 2.2.4
- Apache http_server 2.2.6
- Apache http_server 2.2.8
- Apache http_server 2.2.9
- Apache http_server 2.3.0
- Apache http_server 2.3.1
- Apache http_server 2.3.10
- Apache http_server 2.3.11
- Apache http_server 2.3.12
- Apache http_server 2.3.13
- Apache http_server 2.3.14
- Apache http_server 2.3.15
- Apache http_server 2.3.16
- Apache http_server 2.3.2
- Apache http_server 2.3.3
- Apache http_server 2.3.4
- Apache http_server 2.3.5
- Apache http_server 2.3.6
- Apache http_server 2.3.7
- Apache http_server 2.3.8
- Apache http_server 2.3.9
- Apache http_server 2.4.0
- Apache http_server 2.4.1
- Apache http_server 2.4.2
- Apache http_server 2.4.3
- Apache http_server 2.4.4
- Apache http_server 2.4.6
- Apache http_server 2.4.7
References
- BugTraq: 66303
- CVE: CVE-2014-0098