Apache – CVE-2014-3583

Description

Kayran has detected an out-of-bounds memory read in mod_proxy_fcgi in the version of Apache HTTP Server being used.

CVE-2014-3583 is categorized as an ‘Improper Restriction of Operations within the Bounds of a Memory Buffer’ vulnerability (CWE-119).
These vulnerabilities occur when software performs operations on a memory buffer but can read from or write to a memory location outside the intended boundary of that buffer.

The flaw is in the ‘handle_headers’ function in ‘mod_proxy_fcgi.c’, part of the ‘mod_proxy_fcgi’ module of the Apache HTTP Server.
It allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) by sending long response headers.

This could lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2014-3583, upgrade the version of Apache HTTP Server being used to 2.4.12.
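
To confirm the finding on a host, the following added example (not part of the original advisory or of Apache's tooling) compares the version banner against the fixed release named above and checks whether mod_proxy_fcgi is loaded. The function names, verdict strings and sample outputs are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example. Triage from `httpd -v` and `httpd -M` output (binary may be
# named apache2 or apachectl). Sample outputs below are constructed.
FIXED_VERSION="2.4.12"   # release named in the Recommendation

# Extract X.Y.Z from the "Server version: Apache/X.Y.Z (...)" banner line.
parse_apache_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Return 0 if version $1 is lower than $2. Fields are compared as numbers,
# so 2.4.9 sorts below 2.4.12 (a plain string comparison gets this wrong).
version_lt() {
    for i in 1 2 3; do
        a=$(printf '%s' "$1" | cut -d. -f"$i")
        b=$(printf '%s' "$2" | cut -d. -f"$i")
        [ "${a:-0}" -lt "${b:-0}" ] && return 0
        [ "${a:-0}" -gt "${b:-0}" ] && return 1
    done
    return 1
}

# Return 0 if the module listing shows mod_proxy_fcgi loaded.
has_proxy_fcgi() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*proxy_fcgi_module[[:space:]]'
}

# Print a verdict for a (version banner, module listing) pair.
assess() {
    ver=$(parse_apache_version "$1")
    if [ -z "$ver" ]; then echo UNKNOWN
    elif ! has_proxy_fcgi "$2"; then echo MODULE_NOT_LOADED
    elif version_lt "$ver" "$FIXED_VERSION"; then echo BELOW_FIXED
    else echo PATCHED
    fi
}

SAMPLE_V='Server version: Apache/2.4.10 (Unix)
Server built:   Jul 21 2014 12:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 proxy_module (shared)
 proxy_fcgi_module (shared)'

assess "$SAMPLE_V" "$SAMPLE_M"   # constructed input
# On a real host: assess "$(httpd -v)" "$(httpd -M 2>/dev/null)"
```

A BELOW_FIXED verdict rests on the banner alone; distribution packages can carry a backported fix under an older version string, so confirm against the vendor's advisory before treating the host as unpatched.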

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583

https://cwe.mitre.org/data/definitions/119.html
