CVE-2014-0117
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.5700 (57.0%)
Percentil: 98.2%
EPSS: 2026-05-06
Afecta
apache:http_serverapple:mac_os_xDescripción técnica
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
Publicada: 20/7/2014, 11:12:48
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://advisories.mageia.org/MGASA-2014-0305.html
- http://httpd.apache.org/security/vulnerabilities_24.html
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
- http://seclists.org/fulldisclosure/2014/Jul/117
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1599486&r2=1610674&diff_format=h
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/proxy_util.c?r1=1609680&r2=1610674&diff_format=h