Apache – CVE-2014-3583

Description

Cytrix has detected an out-of-bounds memory read in mod_proxy_fcgi in the version of Apache HTTP Server being used.

CVE-2014-3583 is categorized as an ‘Improper Restriction of Operations within the Bounds of a Memory Buffer’ vulnerability (CWE-119).
These vulnerabilities occur when software performs operations on a memory buffer but can read from or write to a memory location outside the intended boundary of that buffer.

The flaw is in the ‘handle_headers’ function in ‘mod_proxy_fcgi.c’, part of the ‘mod_proxy_fcgi’ module of the Apache HTTP Server.
It allows remote FastCGI servers to cause a denial of service (a buffer over-read and daemon crash) by sending long response headers.

This can lead to a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2014-3583, upgrade the version of Apache HTTP Server being used to 2.4.12.
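To confirm whether a given host still needs this upgrade, the following added example (not Cytrix's or the Apache project's code) parses the output of `httpd -v` and `httpd -M` and reports whether the server is below 2.4.12 with mod_proxy_fcgi loaded. The function names are hypothetical, the sample output is constructed, and the check only compares against the fixed release named above.

```shell
#!/bin/sh
# Added example: triage for CVE-2014-3583 from `httpd -v` / `httpd -M` output.
FIXED_VERSION="2.4.12"   # fixed release named in the recommendation

# Extract "x.y.z" from a banner such as "Server version: Apache/2.4.10 (Unix)".
parse_httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Return 0 if version $1 is numerically lower than $2 (so 2.4.9 < 2.4.12).
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # split both versions into six numeric fields
    IFS=$old_ifs
    [ "$1" -lt "$4" ] && return 0; [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0; [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Return 0 if the module listing in $1 shows mod_proxy_fcgi loaded.
has_proxy_fcgi() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*proxy_fcgi_module[[:space:]]'
}

# Print a verdict for a version banner ($1) and a module listing ($2).
triage() {
    ver=$(parse_httpd_version "$1")
    if [ -z "$ver" ]; then echo "unknown"; return; fi
    if ! version_lt "$ver" "$FIXED_VERSION"; then echo "fixed"; return; fi
    if has_proxy_fcgi "$2"; then echo "upgrade-required"
    else echo "module-not-loaded"; fi
}

# Constructed sample output (not captured from a real host).
SAMPLE_BANNER='Server version: Apache/2.4.10 (Unix)'
SAMPLE_MODULES='Loaded Modules:
 core_module (static)
 proxy_module (shared)
 proxy_fcgi_module (shared)'

# On a live host, feed the real output instead:
#   triage "$(httpd -v)" "$(httpd -M 2>/dev/null)"
echo "sample host: $(triage "$SAMPLE_BANNER" "$SAMPLE_MODULES")"
```

Distribution packages can backport fixes without changing the upstream version string, so confirm an `upgrade-required` verdict against the vendor's package changelog.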

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583

https://cwe.mitre.org/data/definitions/119.html
