CVE-2014-0098
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.4102 (41.0%)
Percentil: 97.4%
EPSS: 2026-05-06
Afecta
apache:http_serveroracle:http_serveroracle:secure_global_desktopcanonical:ubuntu_linuxDescripción técnica
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Publicada: 18/3/2014, 5:18:18
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://advisories.mageia.org/MGASA-2014-0135.html
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://marc.info/?l=bugtraq&m=141017844705317&w=2
- http://marc.info/?l=bugtraq&m=141390017113542&w=2
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/58230