Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache HTTP Server < 2.4.8 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

Versions of Apache HTTP Server older than 2.4.8 are unpatched for the following vulnerabilities:

- A denial-of-service vulnerability in the mod_log_config module that can be triggered due to insufficient user-input sanitation when logging a cookie with an unassigned value (CVE-2014-0098)

- A denial-of-service vulnerability in the mod_dav module that can be triggered when tracking the length of CDATA that includes leading whitespace characters. (CVE-2013-6438)

Solution

Upgrade to Apache HTTP Server 2.4.8, or later.