
Apache HTTP Server Denial of Service Vulnerabilities in Red Hat Products

 

Systems Affected


Red Hat Enterprise Linux version 5 (httpd)
Red Hat Enterprise Linux version 6 (httpd)
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server (httpd)
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (httpd)
Red Hat JBoss Enterprise Application Platform 6.2
Red Hat JBoss Web Server 2 for RHEL 5 Server (httpd)
Red Hat JBoss Web Server 2 for RHEL 6 Server (httpd)
Red Hat JBoss Web Server 2.0

Threat Level


Medium


Overview


Multiple vulnerabilities have been reported in Apache HTTP Server used in Red Hat products, which could allow a remote attacker to cause denial of service conditions.


Description


1. Denial of Service (DoS) vulnerability in Apache HTTP Server mod_dav module (CVE-2013-6438)
This vulnerability exists in dav_xml_get_cdata function in "main/util.c" of mod_dav module due to an error while tracking the length of CDATA that includes removing white space. A remote attacker could exploit this vulnerability via a specially crafted DAV WRITE request. Successful exploitation could allow the remote attacker to cause Denial of Service (DoS) conditions.

2. Denial of Service (DoS) vulnerability in Apache HTTP Server mod_log_config module (CVE-2014-0098)
This vulnerability exists in log_cookie function in "mod_log_config.c" of mod_log_config module due to an error while logging a cookie with an unassigned value. A remote attacker could exploit this vulnerability via a specially crafted truncated cookie. Successful exploitation could allow the remote attacker to cause Denial of Service (DoS) conditions.
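
An exposure check for the two modules described above, as an added example that is not part of the original advisory: it scans httpd configuration text for `Dav` directives that enable mod_dav and for `LogFormat`/`CustomLog` directives that use mod_log_config's `%{name}C` cookie format. The `audit` function and the sample configuration are constructed for illustration; the check assumes included files have already been merged into the text, and a hit shows the affected code path is in use, not whether the update has been applied.

```python
import re

# Constructed sample httpd configuration (not taken from the advisory).
SAMPLE_CONF = r'''
LoadModule dav_module modules/mod_dav.so
LoadModule log_config_module modules/mod_log_config.so
# LogFormat "%h %{session}C" disabled
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %t \"%r\" %>s %{JSESSIONID}C" withcookie
CustomLog logs/access_log withcookie
<Location /uploads>
    Dav On
</Location>
<Location /static>
    Dav Off
</Location>
'''

# mod_log_config cookie format: '%', optional modifiers (status list, '!',
# '<' or '>'), then {cookie-name}C.
COOKIE_FMT = re.compile(r'%[!<>,\d]*\{[^}]+\}C')

def audit(conf_text):
    """Return (line number, CVE, reason) for directives that put the
    affected mod_dav / mod_log_config code paths in use."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue  # skip blank lines and comments
        parts = line.split(None, 1)
        directive = parts[0].lower()  # directive names are case-insensitive
        args = parts[1].strip() if len(parts) > 1 else ''
        if directive in ('logformat', 'customlog'):
            match = COOKIE_FMT.search(args)
            if match:
                findings.append((lineno, 'CVE-2014-0098',
                                 'cookie value logged via ' + match.group(0)))
        elif directive == 'dav' and args.lower() != 'off':
            # "Dav On" or "Dav <provider>" enables WebDAV handling here.
            findings.append((lineno, 'CVE-2013-6438', 'mod_dav enabled: ' + line))
    return findings

if __name__ == '__main__':
    for lineno, cve, reason in audit(SAMPLE_CONF):
        print(f'line {lineno}: {cve}: {reason}')
```
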


Impact



Solution/Workarounds


Apply the appropriate updates as mentioned at the following link:
https://rhn.redhat.com/errata/RHSA-2014-0825.html


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.



© Copyright Sri Lanka CERT|CC. All Rights Reserved.