Apache – CVE-2014-3583

Description

Kayran has detected an out-of-bounds memory read in mod_proxy_fcgi in the version of Apache HTTP Server being used.

CVE-2014-3583 is categorized as an ‘Improper Restriction of Operations within the Bounds of a Memory Buffer’ vulnerability (CWE-119).
These vulnerabilities occur when software performs operations on a memory buffer but can read from or write to a memory location outside the buffer's intended boundary.

Attackers abuse the ‘handle_headers’ function in ‘mod_proxy_fcgi.c’, part of the ‘mod_proxy_fcgi’ module of the Apache HTTP Server.
The flaw allows a remote FastCGI server to cause a denial of service (a buffer over-read and daemon crash) by sending long response headers.

A crash of this kind could lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2014-3583, upgrade the version of Apache HTTP Server being used to 2.4.12.
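One way to check a host against this recommendation, as an added example (not Kayran's or Apache's code): the script compares the reported server version numerically with 2.4.12 and checks whether `proxy_fcgi_module` is loaded. The function names, verdict strings and sample command output are constructed for illustration, and it assumes any build older than 2.4.12 with the module loaded needs review.

```shell
#!/bin/sh
# Added example: triage helper for CVE-2014-3583 (not Kayran or Apache code).
# Assumption: builds older than 2.4.12 with mod_proxy_fcgi loaded need review.
FIXED="2.4.12"   # fixed release named in the Recommendation section

# Extract "X.Y.Z" from `httpd -v` / `apachectl -v` style output.
parse_version() {
    printf '%s\n' "$1" | sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' | head -n 1
}

# Return 0 when version $1 is strictly older than $2 (numeric per field, so 2.4.9 < 2.4.12).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Return 0 when `httpd -M` style output lists proxy_fcgi_module.
has_proxy_fcgi() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*proxy_fcgi_module[[:space:]]'
}

# Print one verdict: needs-upgrade | module-not-loaded | at-or-above-fixed | unknown-version
triage() {
    ver=$(parse_version "$1")
    [ -n "$ver" ] || { echo "unknown-version"; return 0; }
    if ! version_lt "$ver" "$FIXED"; then echo "at-or-above-fixed"; return 0; fi
    if has_proxy_fcgi "$2"; then echo "needs-upgrade"; else echo "module-not-loaded"; fi
}

# Constructed sample output, embedded so the script runs offline.
SAMPLE_V='Server version: Apache/2.4.10 (Unix)
Server built:   Jul 20 2014 12:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 proxy_module (shared)
 proxy_fcgi_module (shared)'

triage "$SAMPLE_V" "$SAMPLE_M"
# On a live host (apache2ctl on Debian/Ubuntu): triage "$(apachectl -v)" "$(apachectl -M 2>/dev/null)"
```

A version string does not reflect fixes that a distribution has backported into an older package, so treat `needs-upgrade` on a vendor-packaged build as a prompt to check the vendor's advisory for CVE-2014-3583.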

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583

https://cwe.mitre.org/data/definitions/119.html
