SynopsisThe remote web server is affected by multiple vulnerabilities.
DescriptionVersions of Apache HTTP Server older than 2.4.8 are unpatched for the following vulnerabilities:
- A denial-of-service vulnerability in the mod_log_config module that can be triggered due to insufficient user-input sanitation when logging a cookie with an unassigned value (CVE-2014-0098)
- A denial-of-service vulnerability in the mod_dav module that can be triggered when tracking the length of CDATA that includes leading whitespace characters. (CVE-2013-6438)
SolutionUpgrade to Apache HTTP Server 2.4.8, or later.