Action not permitted
Modal body text goes here.
rhsa-2014_1021
Vulnerability from csaf_redhat
Published
2014-08-06 14:52
Modified
2024-11-14 14:28
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.0 update
Notes
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform
6.3.0 and fix multiple security issues, several bugs, and add various
enhancements are now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
A race condition flaw, leading to heap-based buffer overflows, was found in
the mod_status httpd module. A remote attacker able to access a status page
served by mod_status on a server using a threaded Multi-Processing Module
(MPM) could send a specially crafted request that would cause the httpd
child process to crash or, possibly, allow the attacker to execute
arbitrary code with the privileges of the "apache" user. (CVE-2014-0226)
A denial of service flaw was found in the way httpd's mod_deflate module
handled request body decompression (configured via the "DEFLATE" input
filter). A remote attacker able to send a request whose body would be
decompressed could use this flaw to consume an excessive amount of system
memory and CPU on the target system. (CVE-2014-0118)
A denial of service flaw was found in the way OpenSSL handled certain DTLS
ServerHello requests. A specially crafted DTLS handshake packet could cause
a DTLS client using OpenSSL to crash. (CVE-2014-0221)
Note: This update provides a fix for the CVE-2014-0221 issue in openssl
packages for Solaris, HP-UX, and Microsoft Windows.
A denial of service flaw was found in the way httpd's mod_cgid module
executed CGI scripts that did not read data from the standard input.
A remote attacker could submit a specially crafted request that would cause
the httpd child process to hang indefinitely. (CVE-2014-0231)
A flaw was found in the WebSocket08FrameDecoder implementation that could
allow a remote attacker to trigger an Out Of Memory Exception by issuing a
series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on
the server configuration, this could lead to a denial of service.
(CVE-2014-0193)
It was found that the isCallerInRole() method of the SimpleSecurityManager
did not correctly check caller roles. A remote, authenticated attacker
could use this flaw to circumvent the caller check in applications that use
black list access control based on caller roles. (CVE-2014-3472)
Red Hat would like to thank the OpenSSL project for reporting
CVE-2014-0221; upstream acknowledges Imre Rad of Search-Lab as the original
reporter of this issue. Red Hat would also like to thank James Roper of
Typesafe for reporting CVE-2014-0193, and CA Technologies for reporting
CVE-2014-3472.
This release of JBoss Enterprise Application Platform also includes bug
fixes and enhancements. Documentation for these changes will be available
shortly from the JBoss Enterprise Application Platform 6.3.0 Release Notes,
linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.2 as provided
from the Red Hat Customer Portal are advised to apply this update.
The JBoss server process must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform\n6.3.0 and fix multiple security issues, several bugs, and add various\nenhancements are now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nA race condition flaw, leading to heap-based buffer overflows, was found in\nthe mod_status httpd module. A remote attacker able to access a status page\nserved by mod_status on a server using a threaded Multi-Processing Module\n(MPM) could send a specially crafted request that would cause the httpd\nchild process to crash or, possibly, allow the attacker to execute\narbitrary code with the privileges of the \"apache\" user. (CVE-2014-0226)\n\nA denial of service flaw was found in the way httpd\u0027s mod_deflate module\nhandled request body decompression (configured via the \"DEFLATE\" input\nfilter). A remote attacker able to send a request whose body would be\ndecompressed could use this flaw to consume an excessive amount of system\nmemory and CPU on the target system. (CVE-2014-0118)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nNote: This update provides a fix for the CVE-2014-0221 issue in openssl\npackages for Solaris, HP-UX, and Microsoft Windows.\n\nA denial of service flaw was found in the way httpd\u0027s mod_cgid module\nexecuted CGI scripts that did not read data from the standard input.\nA remote attacker could submit a specially crafted request that would cause\nthe httpd child process to hang indefinitely. (CVE-2014-0231)\n\nA flaw was found in the WebSocket08FrameDecoder implementation that could\nallow a remote attacker to trigger an Out Of Memory Exception by issuing a\nseries of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on\nthe server configuration, this could lead to a denial of service.\n(CVE-2014-0193)\n\nIt was found that the isCallerInRole() method of the SimpleSecurityManager\ndid not correctly check caller roles. A remote, authenticated attacker\ncould use this flaw to circumvent the caller check in applications that use\nblack list access control based on caller roles. (CVE-2014-3472)\n\nRed Hat would like to thank the OpenSSL project for reporting\nCVE-2014-0221; upstream acknowledges Imre Rad of Search-Lab as the original\nreporter of this issue. Red Hat would also like to thank James Roper of\nTypesafe for reporting CVE-2014-0193, and CA Technologies for reporting\nCVE-2014-3472.\n\nThis release of JBoss Enterprise Application Platform also includes bug\nfixes and enhancements. Documentation for these changes will be available\nshortly from the JBoss Enterprise Application Platform 6.3.0 Release Notes,\nlinked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2 as provided\nfrom the Red Hat Customer Portal are advised to apply this update.\nThe JBoss server process must be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:1021", "url": "https://access.redhat.com/errata/RHSA-2014:1021" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=distributions\u0026version=6.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=distributions\u0026version=6.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html/6.3.0_Release_Notes/index.html", "url": "https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html/6.3.0_Release_Notes/index.html" }, { "category": "external", "summary": "1092783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092783" }, { "category": "external", "summary": "1103593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593" }, { "category": "external", "summary": "1103815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103815" }, { "category": "external", "summary": "1120596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120596" }, { "category": "external", "summary": "1120601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120601" }, { "category": "external", "summary": "1120603", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120603" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1021.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.0 update", "tracking": { "current_release_date": "2024-11-14T14:28:58+00:00", "generator": { "date": "2024-11-14T14:28:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2014:1021", "initial_release_date": "2014-08-06T14:52:25+00:00", "revision_history": [ { "date": "2014-08-06T14:52:25+00:00", "number": "1", "summary": "Initial version" }, { "date": "2014-08-06T14:52:25+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T14:28:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.3", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.3", "product_id": "Red Hat JBoss Enterprise Application Platform 6.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-0118", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2014-07-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1120601" } ], "notes": [ { "category": "description", "text": "A denial of service flaw was found in the way httpd\u0027s mod_deflate module handled request body decompression (configured via the \"DEFLATE\" input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_deflate denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0118" }, { "category": "external", "summary": "RHBZ#1120601", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120601" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0118", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0118" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0118", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0118" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_24.html", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2014-07-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-08-06T14:52:25+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1021" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_deflate denial of service" }, { "acknowledgments": [ { "names": [ "James Roper" ], "organization": "Typesafe" } ], "cve": "CVE-2014-0193", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2014-04-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1092783" } ], "notes": [ { "category": "description", "text": "A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: DoS via memory exhaustion during data aggregation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0193" }, { "category": "external", "summary": "RHBZ#1092783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1092783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0193", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0193" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0193", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0193" } ], "release_date": "2014-05-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-08-06T14:52:25+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1021" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "netty: DoS via memory exhaustion during data aggregation" }, { "acknowledgments": [ { "names": [ "OpenSSL project" ] }, { "names": [ "Imre Rad" ], "organization": "Search-Lab", "summary": "Acknowledged by upstream." } ], "cve": "CVE-2014-0221", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2014-06-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1103593" } ], "notes": [ { "category": "description", "text": "A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: DoS when sending invalid DTLS handshake", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0221" }, { "category": "external", "summary": "RHBZ#1103593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0221", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0221" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0221", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0221" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv_20140605.txt", "url": "https://www.openssl.org/news/secadv_20140605.txt" } ], "release_date": "2014-06-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-08-06T14:52:25+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1021" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: DoS when sending invalid DTLS handshake" }, { "cve": "CVE-2014-0226", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "discovery_date": "2014-07-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1120603" } ], "notes": [ { "category": "description", "text": "A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the \"apache\" user.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_status heap-based buffer overflow", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0226" }, { "category": "external", "summary": "RHBZ#1120603", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120603" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0226", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0226" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0226", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0226" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_24.html", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2014-07-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-08-06T14:52:25+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1021" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: mod_status heap-based buffer overflow" }, { "cve": "CVE-2014-0227", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2014-06-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1109196" } ], "notes": [ { "category": "description", "text": "It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0227" }, { "category": "external", "summary": "RHBZ#1109196", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109196" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0227", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0227" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0227", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0227" }, { "category": "external", "summary": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.43", "url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.43" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55" } ], "release_date": "2015-02-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-08-06T14:52:25+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1021" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter" }, { "cve": "CVE-2014-0231", "discovery_date": "2014-07-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1120596" } ], "notes": [ { "category": "description", "text": "A denial of service flaw was found in the way httpd\u0027s mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_cgid denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0231" }, { "category": "external", "summary": "RHBZ#1120596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0231", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0231" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0231", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0231" }, { "category": "external", "summary": "http://httpd.apache.org/security/vulnerabilities_24.html", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2014-07-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-08-06T14:52:25+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1021" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_cgid denial of service" }, { "acknowledgments": [ { "names": [ "Tomas Kyjovsky" ], "organization": "Red Hat Quality Engineering Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-3464", "discovery_date": "2014-05-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1102317" } ], "notes": [ { "category": "description", "text": "It was found that the fix for CVE-2013-2133 was incomplete: the JAX-WS handlers were being executed for outbound messages even when authorization had failed. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke.", "title": "Vulnerability description" }, { "category": "summary", "text": "WS: Incomplete fix for CVE-2013-2133", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-3464" }, { "category": "external", "summary": "RHBZ#1102317", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102317" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-3464", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3464" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3464", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3464" } ], "release_date": "2014-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-08-06T14:52:25+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1021" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "WS: Incomplete fix for CVE-2013-2133" }, { "acknowledgments": [ { "names": [ "CA Technologies" ] } ], "cve": "CVE-2014-3472", "cwe": { "id": "CWE-184", "name": "Incomplete List of Disallowed Inputs" }, "discovery_date": "2014-05-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1103815" } ], "notes": [ { "category": "description", "text": "It was found that the isCallerInRole() method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles.", "title": "Vulnerability description" }, { "category": "summary", "text": "Security: Invalid EJB caller role check implementation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-3472" }, { "category": "external", "summary": "RHBZ#1103815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103815" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-3472", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3472" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-3472", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3472" } ], "release_date": "2014-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-08-06T14:52:25+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1021" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.3" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Security: Invalid EJB caller role check implementation" } ] }
cve-2014-0231
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:39.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c" }, { "name": "HPSBUX03512", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0305.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html" }, { "name": "DSA-2989", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2989" }, { "name": "HPSBMU03409", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522\u0026r2=1535125\u0026diff_format=h" }, { "name": "GLSA-201504-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-03" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/cve-2014-0231" }, { "name": "60536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60536" }, { "name": "HPSBMU03380", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "SSRT102066", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "SSRT102254", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "68742", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68742" }, { "name": "MDVSA-2014:142", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0304.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120596" }, { "name": "HPSBUX03337", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711\u0026r2=1610509\u0026diff_format=h" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:11:36", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c" }, { "name": "HPSBUX03512", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0305.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html" }, { "name": "DSA-2989", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2989" }, { "name": "HPSBMU03409", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522\u0026r2=1535125\u0026diff_format=h" }, { "name": "GLSA-201504-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-03" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/cve-2014-0231" }, { "name": "60536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60536" }, { "name": "HPSBMU03380", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "SSRT102066", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "SSRT102254", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "68742", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68742" }, { "name": "MDVSA-2014:142", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0304.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120596" }, { "name": "HPSBUX03337", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711\u0026r2=1610509\u0026diff_format=h" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0231", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c" }, { "name": "HPSBUX03512", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "name": "http://advisories.mageia.org/MGASA-2014-0305.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0305.html" }, { "name": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html" }, { "name": "DSA-2989", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2989" }, { "name": "HPSBMU03409", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659" }, { "name": "http://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES", "refsource": "CONFIRM", "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522\u0026r2=1535125\u0026diff_format=h", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522\u0026r2=1535125\u0026diff_format=h" }, { "name": "GLSA-201504-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-03" }, { "name": "RHSA-2014:1020", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "name": "https://puppet.com/security/cve/cve-2014-0231", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2014-0231" }, { "name": "60536", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60536" }, { "name": "HPSBMU03380", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "SSRT102066", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" }, { "name": "RHSA-2014:1021", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "SSRT102254", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "68742", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68742" }, { "name": "MDVSA-2014:142", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142" }, { "name": "RHSA-2014:1019", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "name": "http://advisories.mageia.org/MGASA-2014-0304.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0304.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1120596", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120596" }, { "name": "HPSBUX03337", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711\u0026r2=1610509\u0026diff_format=h", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711\u0026r2=1610509\u0026diff_format=h" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0231", "datePublished": "2014-07-20T10:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0226
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:39.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBUX03512", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0305.html" }, { "name": "DSA-2989", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2989" }, { "name": "68678", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68678" }, { "name": "HPSBMU03409", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c" }, { "name": "GLSA-201408-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201408-12.xml" }, { "name": "GLSA-201504-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-03" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "name": "60536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60536" }, { "name": "20140721 Apache HTTPd - description of the CVE-2014-0226.", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Jul/114" }, { "name": "HPSBMU03380", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "SSRT102066", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://zerodayinitiative.com/advisories/ZDI-14-236/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1450998\u0026r2=1610491\u0026diff_format=h" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120603" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "SSRT102254", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c?r1=1588989\u0026r2=1610491\u0026diff_format=h" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "MDVSA-2014:142", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/cve-2014-0226" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0304.html" }, { "name": "109216", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/109216" }, { "name": "34133", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/34133" }, { "name": "HPSBUX03337", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.povonsec.com/apache-2-4-7-exploit/" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:11:37", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBUX03512", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0305.html" }, { "name": "DSA-2989", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2989" }, { "name": "68678", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68678" }, { "name": "HPSBMU03409", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c" }, { "name": "GLSA-201408-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201408-12.xml" }, { "name": "GLSA-201504-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-03" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "name": "60536", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60536" }, { "name": "20140721 Apache HTTPd - description of the CVE-2014-0226.", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Jul/114" }, { "name": "HPSBMU03380", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "SSRT102066", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://zerodayinitiative.com/advisories/ZDI-14-236/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1450998\u0026r2=1610491\u0026diff_format=h" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120603" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "SSRT102254", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c?r1=1588989\u0026r2=1610491\u0026diff_format=h" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "MDVSA-2014:142", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/cve-2014-0226" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0304.html" }, { "name": "109216", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/109216" }, { "name": "34133", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/34133" }, { "name": "HPSBUX03337", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.povonsec.com/apache-2-4-7-exploit/" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0226", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBUX03512", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "name": "http://advisories.mageia.org/MGASA-2014-0305.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0305.html" }, { "name": "DSA-2989", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2989" }, { "name": "68678", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68678" }, { "name": "HPSBMU03409", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659" }, { "name": "http://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES", "refsource": "CONFIRM", "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c" }, { "name": "GLSA-201408-12", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201408-12.xml" }, { "name": "GLSA-201504-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-03" }, { "name": "RHSA-2014:1020", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "name": "60536", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60536" }, { "name": "20140721 Apache HTTPd - description of the CVE-2014-0226.", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Jul/114" }, { "name": "HPSBMU03380", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "SSRT102066", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "http://zerodayinitiative.com/advisories/ZDI-14-236/", "refsource": "MISC", "url": "http://zerodayinitiative.com/advisories/ZDI-14-236/" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1450998\u0026r2=1610491\u0026diff_format=h", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1450998\u0026r2=1610491\u0026diff_format=h" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1120603", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120603" }, { "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" }, { "name": "RHSA-2014:1021", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "SSRT102254", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c?r1=1588989\u0026r2=1610491\u0026diff_format=h", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c?r1=1588989\u0026r2=1610491\u0026diff_format=h" }, { "name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "MDVSA-2014:142", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142" }, { "name": "https://puppet.com/security/cve/cve-2014-0226", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2014-0226" }, { "name": "RHSA-2014:1019", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "name": "http://advisories.mageia.org/MGASA-2014-0304.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0304.html" }, { "name": "109216", "refsource": "OSVDB", "url": "http://www.osvdb.org/109216" }, { "name": "34133", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/34133" }, { "name": "HPSBUX03337", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "https://www.povonsec.com/apache-2-4-7-exploit/", "refsource": "MISC", "url": "https://www.povonsec.com/apache-2-4-7-exploit/" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0226", "datePublished": "2014-07-20T10:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.328Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0118
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:39.036Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "HPSBUX03512", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0305.html" }, { "name": "DSA-2989", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-2989" }, { "name": "HPSBMU03409", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "name": "GLSA-201504-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201504-03" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://puppet.com/security/cve/cve-2014-0118" }, { "name": "HPSBMU03380", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "SSRT102066", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c?r1=1604353\u0026r2=1610501\u0026diff_format=h" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "SSRT102254", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "name": "68745", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68745" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "MDVSA-2014:142", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120601" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0304.html" }, { "name": "HPSBUX03337", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-15T00:00:00", "descriptions": [ { "lang": "en", "value": "The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-06T10:12:03", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "HPSBUX03512", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0305.html" }, { "name": "DSA-2989", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-2989" }, { "name": "HPSBMU03409", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/HT204659" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "name": "GLSA-201504-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201504-03" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://puppet.com/security/cve/cve-2014-0118" }, { "name": "HPSBMU03380", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "SSRT102066", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c?r1=1604353\u0026r2=1610501\u0026diff_format=h" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "SSRT102254", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "name": "68745", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68745" }, { "name": "APPLE-SA-2015-04-08-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "MDVSA-2014:142", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120601" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0304.html" }, { "name": "HPSBUX03337", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0118", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "HPSBUX03512", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "name": "http://advisories.mageia.org/MGASA-2014-0305.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0305.html" }, { "name": "DSA-2989", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2989" }, { "name": "HPSBMU03409", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144050155601375\u0026w=2" }, { "name": "https://support.apple.com/HT204659", "refsource": "CONFIRM", "url": "https://support.apple.com/HT204659" }, { "name": "http://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "CONFIRM", "url": "http://httpd.apache.org/security/vulnerabilities_24.html" }, { "name": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES", "refsource": "CONFIRM", "url": "http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES" }, { "name": "GLSA-201504-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201504-03" }, { "name": "RHSA-2014:1020", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c" }, { "name": "https://puppet.com/security/cve/cve-2014-0118", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2014-0118" }, { "name": "HPSBMU03380", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143748090628601\u0026w=2" }, { "name": "SSRT102066", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c?r1=1604353\u0026r2=1610501\u0026diff_format=h", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c?r1=1604353\u0026r2=1610501\u0026diff_format=h" }, { "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246" }, { "name": "RHSA-2014:1021", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "SSRT102254", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2" }, { "name": "68745", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68745" }, { "name": "APPLE-SA-2015-04-08-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html" }, { "name": "MDVSA-2014:142", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:142" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1120601", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120601" }, { "name": "RHSA-2014:1019", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "name": "http://advisories.mageia.org/MGASA-2014-0304.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0304.html" }, { "name": "HPSBUX03337", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073139 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1888194 [9/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210330 svn commit: r1073146 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E" }, { "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0118", "datePublished": "2014-07-20T10:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.036Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0193
Vulnerability from cvelistv5
Published
2014-05-06 14:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:39.201Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "67182", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67182" }, { "name": "RHSA-2015:0765", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "name": "59290", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59290" }, { "name": "RHSA-2015:0675", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "name": "RHSA-2015:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/netty/netty/issues/2441" }, { "name": "58280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58280" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://netty.io/news/2014/04/30/release-day.html" }, { "name": "RHSA-2014:1351", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" }, { "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E" }, { "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-02T00:00:00", "descriptions": [ { "lang": "en", "value": "WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-19T19:06:10", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "67182", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67182" }, { "name": "RHSA-2015:0765", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "name": "59290", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59290" }, { "name": "RHSA-2015:0675", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "name": "RHSA-2015:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/netty/netty/issues/2441" }, { "name": "58280", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58280" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://netty.io/news/2014/04/30/release-day.html" }, { "name": "RHSA-2014:1351", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" }, { "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8%40%3Ccommits.pulsar.apache.org%3E" }, { "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0193", "datePublished": "2014-05-06T14:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3464
Vulnerability from cvelistv5
Published
2014-08-19 18:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2133.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/95409 | vdb-entry, x_refsource_XF | |
http://rhn.redhat.com/errata/RHSA-2014-1020.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=1102317 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2014-1021.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2014-1019.html | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.135Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "jboss-eap-cve20143464-sec-bypass(95409)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95409" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102317" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-08-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2133." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "jboss-eap-cve20143464-sec-bypass(95409)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95409" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102317" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3464", "datePublished": "2014-08-19T18:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0227
Vulnerability from cvelistv5
Published
2015-02-16 00:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:39.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "name": "USN-2654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2654-1" }, { "name": "RHSA-2015:0765", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "name": "RHSA-2015:0675", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "name": "MDVSA-2015:052", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "name": "HPSBUX03341", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143393515412274\u0026w=2" }, { "name": "RHSA-2015:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "name": "SSRT102068", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143393515412274\u0026w=2" }, { "name": "72717", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/72717" }, { "name": "RHSA-2015:0991", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0991.html" }, { "name": "MDVSA-2015:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" }, { "name": "DSA-3530", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "name": "1032791", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032791" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-7.html" }, { "name": "RHSA-2015:0983", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0983.html" }, { "name": "SSRT102066", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "MDVSA-2015:053", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "FEDORA-2015-2109", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-8.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109196" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://source.jboss.org/changelog/JBossWeb?cs=2455" }, { "name": "20150209 [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2015-0081.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "name": "USN-2655-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2655-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1600984" }, { "name": "HPSBUX03337", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "DSA-3447", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3447" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-02-09T00:00:00", "descriptions": [ { "lang": "en", "value": "java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-13T16:09:57", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "name": "USN-2654-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2654-1" }, { "name": "RHSA-2015:0765", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "name": "RHSA-2015:0675", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "name": "MDVSA-2015:052", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "name": "HPSBUX03341", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143393515412274\u0026w=2" }, { "name": "RHSA-2015:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "name": "SSRT102068", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143393515412274\u0026w=2" }, { "name": "72717", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/72717" }, { "name": "RHSA-2015:0991", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0991.html" }, { "name": "MDVSA-2015:084", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" }, { "name": "DSA-3530", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3530" }, { "name": "1032791", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032791" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-7.html" }, { "name": "RHSA-2015:0983", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0983.html" }, { "name": "SSRT102066", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "MDVSA-2015:053", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "FEDORA-2015-2109", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-8.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109196" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://source.jboss.org/changelog/JBossWeb?cs=2455" }, { "name": "20150209 [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2015-0081.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tomcat.apache.org/security-6.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "name": "USN-2655-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2655-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1600984" }, { "name": "HPSBUX03337", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "DSA-3447", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3447" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0227", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" }, { "name": "USN-2654-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2654-1" }, { "name": "RHSA-2015:0765", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "name": "RHSA-2015:0675", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "name": "MDVSA-2015:052", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052" }, { "name": "HPSBUX03341", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143393515412274\u0026w=2" }, { "name": "RHSA-2015:0720", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "name": "SSRT102068", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143393515412274\u0026w=2" }, { "name": "72717", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72717" }, { "name": "RHSA-2015:0991", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0991.html" }, { "name": "MDVSA-2015:084", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084" }, { "name": "DSA-3530", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3530" }, { "name": "1032791", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032791" }, { "name": "http://tomcat.apache.org/security-7.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-7.html" }, { "name": "RHSA-2015:0983", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0983.html" }, { "name": "SSRT102066", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "MDVSA-2015:053", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, { "name": "FEDORA-2015-2109", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html" }, { "name": "http://tomcat.apache.org/security-8.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-8.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1109196", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1109196" }, { "name": "https://source.jboss.org/changelog/JBossWeb?cs=2455", "refsource": "CONFIRM", "url": "https://source.jboss.org/changelog/JBossWeb?cs=2455" }, { "name": "20150209 [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html" }, { "name": "http://advisories.mageia.org/MGASA-2015-0081.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0081.html" }, { "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "url": "http://tomcat.apache.org/security-6.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "name": "USN-2655-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2655-1" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1600984", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1600984" }, { "name": "HPSBUX03337", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=143403519711434\u0026w=2" }, { "name": "DSA-3447", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3447" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0227", "datePublished": "2015-02-16T00:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.451Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3472
Vulnerability from cvelistv5
Published
2014-08-19 18:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2015-0720.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2014-1020.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/69094 | vdb-entry, x_refsource_BID | |
http://rhn.redhat.com/errata/RHSA-2014-1021.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2014-1019.html | vendor-advisory, x_refsource_REDHAT | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/95170 | vdb-entry, x_refsource_XF | |
https://bugzilla.redhat.com/show_bug.cgi?id=1103815 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2015:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "name": "69094", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/69094" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "name": "jboss-cve20143472-sec-bypass(95170)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95170" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103815" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-08-06T00:00:00", "descriptions": [ { "lang": "en", "value": "The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2015:0720", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "name": "RHSA-2014:1020", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1020.html" }, { "name": "69094", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/69094" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "RHSA-2014:1019", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1019.html" }, { "name": "jboss-cve20143472-sec-bypass(95170)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95170" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103815" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3472", "datePublished": "2014-08-19T18:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0221
Vulnerability from cvelistv5
Published
2014-06-05 21:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:39.372Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "59342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59342" }, { "name": "59669", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59669" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015300" }, { "name": "59990", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59990" }, { "name": "1030337", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030337" }, { "name": "59454", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59454" }, { "name": "59126", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59126" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015264" }, { "name": "59306", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59306" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "HPSBUX03046", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "name": "61254", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61254" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E" }, { "name": "59895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59895" }, { "name": "59449", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59449" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946" }, { "name": "HPSBOV03047", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "name": "59441", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59441" }, { "name": "HPSBMU03074", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "name": "59189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59189" }, { "name": "MDVSA-2014:106", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106" }, { "name": "59300", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59300" }, { "name": "GLSA-201407-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml" }, { "name": "59284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59284" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783" }, { "name": "59365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59365" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "59495", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59495" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889" }, { "name": "FEDORA-2014-9308", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" }, { "name": "58945", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58945" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "name": "59659", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59659" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "59429", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59429" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "59655", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59655" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071" }, { "name": "59437", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59437" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html" }, { "name": "59310", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59310" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/" }, { "name": "SUSE-SU-2015:0743", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356" }, { "name": "HPSBMU03057", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.citrix.com/article/CTX140876" }, { "name": "59167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59167" }, { "name": "59120", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59120" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757" }, { "name": "HPSBMU03069", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2" }, { "name": "MDVSA-2014:105", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105" }, { "name": "59460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59460" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "58939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58939" }, { "name": "SSRT101590", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "name": "59027", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59027" }, { "name": "59514", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59514" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21676226" }, { "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl" }, { "name": "67901", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67901" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "59221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59221" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "name": "58714", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58714" }, { "name": "HPSBGN03050", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "name": "58615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58615" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT6443" }, { "name": "59301", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59301" }, { "name": "59784", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59784" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80" }, { "name": "HPSBMU03076", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "name": "59192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59192" }, { "name": "FEDORA-2014-9301", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html" }, { "name": "HPSBMU03062", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "name": "HPSBMU03056", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "name": "59175", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59175" }, { "name": "HPSBMU03051", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "name": "59666", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59666" }, { "name": "HPSBMU03055", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2" }, { "name": "59413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59413" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821" }, { "name": "59721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59721" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "name": "58713", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58713" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "name": "MDVSA-2015:062", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "name": "59450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59450" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html" }, { "name": "59287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332" }, { "name": "59491", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59491" }, { "name": "59364", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59364" }, { "name": "59451", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59451" }, { "name": "58977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58977" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.novell.com/support/kb/doc.php?id=7015271" }, { "name": "60571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60571" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d3152655d5319ce883c8e3ac4b99f8de4c59d846" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.blackberry.com/btsc/KB36051" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527" }, { "name": "60687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60687" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593" }, { "name": "59528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59528" }, { "name": "58337", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58337" }, { "name": "59518", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59518" }, { "name": "59162", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59162" }, { "name": "59490", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/59490" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E" }, { "name": "HPSBMU03065", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "59342", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59342" }, { "name": "59669", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59669" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015300" }, { "name": "59990", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59990" }, { "name": "1030337", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030337" }, { "name": "59454", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59454" }, { "name": "59126", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59126" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.novell.com/support/kb/doc.php?id=7015264" }, { "name": "59306", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59306" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "HPSBUX03046", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "name": "61254", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61254" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E" }, { "name": "59895", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59895" }, { "name": "59449", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59449" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946" }, { "name": "HPSBOV03047", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "name": "59441", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59441" }, { "name": "HPSBMU03074", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "name": "59189", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59189" }, { "name": "MDVSA-2014:106", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106" }, { "name": "59300", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59300" }, { "name": "GLSA-201407-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml" }, { "name": "59284", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59284" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783" }, { "name": "59365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59365" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "59495", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59495" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889" }, { "name": "FEDORA-2014-9308", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" }, { "name": "58945", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58945" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "name": "59659", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59659" }, { "name": "openSUSE-SU-2016:0640", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "59429", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59429" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "59655", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59655" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071" }, { "name": "59437", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59437" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html" }, { "name": "59310", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59310" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/" }, { "name": "SUSE-SU-2015:0743", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356" }, { "name": "HPSBMU03057", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.citrix.com/article/CTX140876" }, { "name": "59167", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59167" }, { "name": "59120", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59120" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757" }, { "name": "HPSBMU03069", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2" }, { "name": "MDVSA-2014:105", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105" }, { "name": "59460", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59460" }, { "name": "RHSA-2014:1021", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "58939", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58939" }, { "name": "SSRT101590", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "name": "59027", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59027" }, { "name": "59514", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59514" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ibm.com/support/docview.wss?uid=swg21676226" }, { "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl" }, { "name": "67901", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67901" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "59221", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59221" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "name": "58714", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58714" }, { "name": "HPSBGN03050", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "name": "58615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58615" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT6443" }, { "name": "59301", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59301" }, { "name": "59784", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59784" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80" }, { "name": "HPSBMU03076", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "name": "59192", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59192" }, { "name": "FEDORA-2014-9301", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html" }, { "name": "HPSBMU03062", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "name": "HPSBMU03056", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "name": "59175", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59175" }, { "name": "HPSBMU03051", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "name": "59666", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59666" }, { "name": "HPSBMU03055", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2" }, { "name": "59413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59413" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821" }, { "name": "59721", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59721" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "name": "58713", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58713" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "name": "MDVSA-2015:062", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "name": "59450", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59450" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html" }, { "name": "59287", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332" }, { "name": "59491", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59491" }, { "name": "59364", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59364" }, { "name": "59451", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59451" }, { "name": "58977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58977" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.novell.com/support/kb/doc.php?id=7015271" }, { "name": "60571", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60571" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d3152655d5319ce883c8e3ac4b99f8de4c59d846" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.blackberry.com/btsc/KB36051" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527" }, { "name": "60687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60687" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593" }, { "name": "59528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59528" }, { "name": "58337", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58337" }, { "name": "59518", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59518" }, { "name": "59162", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59162" }, { "name": "59490", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/59490" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E" }, { "name": "HPSBMU03065", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0221", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "59342", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59342" }, { "name": "59669", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59669" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015300", "refsource": "CONFIRM", "url": "http://www.novell.com/support/kb/doc.php?id=7015300" }, { "name": "59990", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59990" }, { "name": "1030337", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030337" }, { "name": "59454", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59454" }, { "name": "59126", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59126" }, { "name": "http://www.novell.com/support/kb/doc.php?id=7015264", "refsource": "CONFIRM", "url": "http://www.novell.com/support/kb/doc.php?id=7015264" }, { "name": "59306", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59306" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678289" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" }, { "name": "HPSBUX03046", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "name": "61254", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61254" }, { "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6061\u0026myns=phmc\u0026mync=E" }, { "name": "59895", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59895" }, { "name": "59449", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59449" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946" }, { "name": "HPSBOV03047", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140317760000786\u0026w=2" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "name": "59441", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59441" }, { "name": "HPSBMU03074", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "name": "59189", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59189" }, { "name": "MDVSA-2014:106", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:106" }, { "name": "59300", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59300" }, { "name": "GLSA-201407-05", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml" }, { "name": "59284", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59284" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg24037783", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783" }, { "name": "59365", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59365" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "name": "59495", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59495" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889" }, { "name": "FEDORA-2014-9308", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html" }, { "name": "58945", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58945" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841" }, { "name": "59659", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59659" }, { "name": "openSUSE-SU-2016:0640", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" }, { "name": "59429", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59429" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "name": "59655", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59655" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676071" }, { "name": "59437", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59437" }, { "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754", "refsource": "CONFIRM", "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2014-0006.html" }, { "name": "59310", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59310" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc" }, { "name": "http://www.fortiguard.com/advisory/FG-IR-14-018/", "refsource": "CONFIRM", "url": "http://www.fortiguard.com/advisory/FG-IR-14-018/" }, { "name": "SUSE-SU-2015:0743", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21676793", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21676793" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21676356", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356" }, { "name": "HPSBMU03057", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "name": "http://support.citrix.com/article/CTX140876", "refsource": "CONFIRM", "url": "http://support.citrix.com/article/CTX140876" }, { "name": "59167", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59167" }, { "name": "59120", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59120" }, { "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757", "refsource": "CONFIRM", "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757" }, { "name": "HPSBMU03069", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140499827729550\u0026w=2" }, { "name": "MDVSA-2014:105", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:105" }, { "name": "59460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59460" }, { "name": "RHSA-2014:1021", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1021.html" }, { "name": "58939", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58939" }, { "name": "SSRT101590", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140266410314613\u0026w=2" }, { "name": "59027", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59027" }, { "name": "59514", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59514" }, { "name": "http://www.ibm.com/support/docview.wss?uid=swg21676226", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21676226" }, { "name": "20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl" }, { "name": "67901", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67901" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10075" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "name": "59221", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59221" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "name": "58714", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58714" }, { "name": "HPSBGN03050", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140482916501310\u0026w=2" }, { "name": "http://www.openssl.org/news/secadv_20140605.txt", "refsource": "CONFIRM", "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "name": "58615", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58615" }, { "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Dec/23" }, { "name": "http://support.apple.com/kb/HT6443", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6443" }, { "name": "59301", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59301" }, { "name": "59784", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59784" }, { "name": "https://kb.bluecoat.com/index?page=content\u0026id=SA80", "refsource": "CONFIRM", "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA80" }, { "name": "HPSBMU03076", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10629" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "name": "59192", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59192" }, { "name": "FEDORA-2014-9301", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html" }, { "name": "HPSBMU03062", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "name": "HPSBMU03056", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "name": "59175", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59175" }, { "name": "HPSBMU03051", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "name": "59666", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59666" }, { "name": "HPSBMU03055", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2" }, { "name": "59413", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59413" }, { "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675821" }, { "name": "59721", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59721" }, { "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756", "refsource": "CONFIRM", "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "name": "58713", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58713" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "name": "MDVSA-2015:062", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "name": "59450", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59450" }, { "name": "http://linux.oracle.com/errata/ELSA-2014-1053.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-1053.html" }, { "name": "59287", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59287" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332" }, { "name": "59491", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59491" }, { "name": "59364", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59364" }, { "name": "59451", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59451" }, { "name": "58977", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58977" }, { "name": "https://www.novell.com/support/kb/doc.php?id=7015271", "refsource": "CONFIRM", "url": "https://www.novell.com/support/kb/doc.php?id=7015271" }, { "name": "60571", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60571" }, { "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3152655d5319ce883c8e3ac4b99f8de4c59d846", "refsource": "CONFIRM", "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3152655d5319ce883c8e3ac4b99f8de4c59d846" }, { "name": "http://www.blackberry.com/btsc/KB36051", "refsource": "CONFIRM", "url": "http://www.blackberry.com/btsc/KB36051" }, { "name": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755", "refsource": "CONFIRM", "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755" }, { "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527" }, { "name": "60687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60687" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1103593" }, { "name": "59528", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59528" }, { "name": "58337", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58337" }, { "name": "59518", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59518" }, { "name": "59162", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59162" }, { "name": "59490", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59490" }, { "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=6060\u0026myns=phmc\u0026mync=E" }, { "name": "HPSBMU03065", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=140491231331543\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0221", "datePublished": "2014-06-05T21:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.372Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.