FS#41244 - [apache] CVE-2014-0226 mod_status buffer overflow
Attached to Project:
Arch Linux
Opened by Ingo Albrecht (indigo) - Thursday, 17 July 2014, 19:09 GMT
Last edited by Jan de Groot (JGC) - Wednesday, 23 July 2014, 07:28 GMT
Details
Description:
Please see http://www.zerodayinitiative.com/advisories/ZDI-14-236/ (link to fixing commit is included)

Quote: "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache HTTPD server. Authentication is not required to exploit this vulnerability."

Further CVEs were fixed on 15th July, listed at http://httpd.apache.org/security/vulnerabilities_24.html
Comment by Anatol Pomozov (anatolik) - Saturday, 19 July 2014, 05:26 GMT
A new version of Apache (2.4.10) with the fix will be released in 2 days
http://mail-archives.apache.org/mod_mbox/httpd-dev/201407.mbox/%3C00CBE352-64A3-4ADA-BE2C-3F38D2C8A81C%40jaguNET.com%3E