Ask the Community
Groups
CVE-2014-0098 httpd: mod_log_config does not properly handle logging certain cookies resulting in DoS - Connect IT Community | Kaseya
<main> <article class="userContent"> <h3 data-id="cve-id"><strong>CVE ID</strong></h3> <p>CVE-2014-0098</p> <h3 data-id="description"><strong>DESCRIPTION</strong></h3> <p>The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.<br><br>Unitrends risk assessment: None if Unitrends security updates applied</p> <h3 data-id="resolution"><strong>RESOLUTION</strong></h3> <p>For CentOS6, Unitrends systems have httpd-2.2.15-54.el6.centos or later,<br>and this issue was fixed in httpd-2.2.15-30.el6_5<br>For CentOS5, the system should be migrated to CentOS6.<br> </p> <h3 data-id="link-to-advisories"><strong>LINK TO ADVISORIES</strong></h3> <p></p> <ul><li><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Faccess.redhat.com%2Fsecurity%2Fcve%2Fcve-2014-0098%250D%250Ahttps%3A%2F%2Faccess.redhat.com%2Ferrata%2FRHSA-2014%3A0370">https://access.redhat.com/security/cve/cve-2014-0098 https://access.redhat.com/errata/RHSA-2014:0370</a></li></ul> </article> </main>