Description
Kayran has detected an out-of-bounds memory read in mod_proxy_fcgi in the Version of Apache HTTP Server being used.
CVE-2014-3583 is categorized as a ‘Improper Restriction of Operations within the Bounds of a Memory Buffer’ vulnerability (CWE-119).
These Vulnerabilities occur when the software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
Attackers abuse the ‘handle_headers’ function in ‘mod_proxy_fcgi.c’ in the ‘mod_proxy_fcgi’ module in the Apache HTTP Server.
This will allow remote FastCGI servers to cause a denial of service through buffer over-read and daemon crash using a long response headers.
It could lead to a decrease in performance and interruptions in the availability of resources.
Recommendation
To fix CVE-2014-3583, upgrade the version of Apache HTTP Server being used to 2.4.12.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583
