NULL pointer dereference in Apache Http_server
CVE-2014-3581
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an…
EPSS: 0.048 (89.7th percentile)
Affected products
- Apache Http_server — versions 2.4.1, 2.4.2, 2.4.3
- Oracle Enterprise_manager_ops_center — versions 12.2.0, 12.2.1, 12.3.0
- Oracle Linux — versions 6
- Canonical Ubuntu_linux — versions 10.04, 12.04, 14.04
- Redhat Enterprise_linux_desktop — versions 7.0
- Redhat Enterprise_linux_eus — versions 7.3, 7.4, 7.5
- Redhat Enterprise_linux_server — versions 7.0
- Redhat Enterprise_linux_server_aus — versions 7.3, 7.4, 7.6
- Redhat Enterprise_linux_server_tus — versions 7.3, 7.6, 7.7
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- GLSA-201610-02 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
- RHSA-2015:0325 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- USN-2523-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- 1031005 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK, Broken Link)
- apache-cve20143581-dos(97027) (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_XF)
- secalert@redhat.com (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
- APPLE-SA-2015-08-13-2 (vendor-advisory, x_refsource_APPLE, Mailing List, Broken Link)
Frequently asked questions
- What is CVE-2014-3581?
- CVE-2014-3581 is a vulnerability in Apache Http_server, classified under NULL Pointer Dereference. Published 2014-10-10.
- Is CVE-2014-3581 known to be exploited?
- 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.