Improper input validation in Apache Http_server
CVE-2014-0117
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.570 (98.2th percentile) — read the EPSS interpretation.
Affected products
- Apache Http_server — versions 2.4.6, 2.4.7, 2.4.8
- Apple Mac_os_x
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_MISC)
- secalert@redhat.com (x_refsource_CONFIRM)
- APPLE-SA-2015-04-08-2 (vendor-advisory, x_refsource_APPLE)
- secalert@redhat.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2014-0117?
- CVE-2014-0117 is a vulnerability in Apache Http_server, classified under Improper Input Validation. Published 2014-07-20.
- Is CVE-2014-0117 known to be exploited?
- 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.