*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. Nothing in the 14.04 LTS apache2 2.4.7-1ubuntu4.1 changelog shows that this has been address: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3581 Looks like it is fixed in apache2 (2.4.10-2) unstable; urgency=medium * Pull changes from upstream 2.4.x branch up to r1626207 + Security Fix for CVE-2013-5704: HTTP trailers could be used to replace HTTP headers late during request processing, potentially undoing or otherwise confusing modules that examined or modified request headers earlier. Adds "MergeTrailers" directive to restore legacy behavior. ** Affects: apache2 (Ubuntu) Importance: Undecided Status: New -- mod_headers CVE-2013-5704 https://bugs.launchpad.net/bugs/1425141 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
