Bugzilla – Bug 887767
VUL-0: CVE-2014-0117: apache2: mod_proxy denial of service
Last modified: 2014-09-02 12:02:04 UTC
CVE-2014-0117 A flaw was found in mod_proxy. A remote attacker could send a carefully crafted request to a server configured as a reverse proxy, and cause the child process to crash. This could lead to a denial of service against a threaded MPM. References: http://httpd.apache.org/security/vulnerabilities_24.html https://bugzilla.redhat.com/show_bug.cgi?id=1120599 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0117
bugbot adjusting priority
The corresponding bug was introduced with commit r1502201 ( http://svn.apache.org/viewvc?view=revision&revision=r1502201 ) in the transition from httpd 2.4.4 to 2.4.5, one year ago. Affected products: openSUSE-13.1, SLES12. The necessary changes are http://svn.apache.org/r1610674
openSUSE-SU-2014:1044-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 869105,869106,887765,887767,887768,887771 CVE References: CVE-2013-4352,CVE-2013-6438,CVE-2014-0098,CVE-2014-0117,CVE-2014-0226,CVE-2014-0231 Sources used: openSUSE 13.1 (src): apache2-2.4.6-6.27.1
was released