Vulnerability details: VCID-96kn-srnx-aaaf
Vulnerability ID VCID-96kn-srnx-aaaf
Aliases CVE-2014-3583
Summary The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual Medium http://httpd.apache.org/security/vulnerabilities_24.html
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3583.html
rhas Low https://access.redhat.com/errata/RHSA-2015:1855
epss 0.01238 https://api.first.org/data/v1/epss?cve=CVE-2014-3583
epss 0.04134 https://api.first.org/data/v1/epss?cve=CVE-2014-3583
epss 0.09449 https://api.first.org/data/v1/epss?cve=CVE-2014-3583
epss 0.19785 https://api.first.org/data/v1/epss?cve=CVE-2014-3583
epss 0.24733 https://api.first.org/data/v1/epss?cve=CVE-2014-3583
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583
apache_httpd low https://httpd.apache.org/security/json/CVE-2014-3583.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2014-3583
generic_textual Low https://ubuntu.com/security/notices/USN-2523-1
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
Reference id Reference type URL
http://httpd.apache.org/security/vulnerabilities_24.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3583.html
http://rhn.redhat.com/errata/RHSA-2015-1855.html
https://access.redhat.com/errata/RHSA-2015:1858
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3583.json
https://api.first.org/data/v1/epss?cve=CVE-2014-3583
https://bugzilla.redhat.com/show_bug.cgi?id=1163555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3583
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://security.gentoo.org/glsa/201701-36
https://support.apple.com/HT205219
https://support.apple.com/kb/HT205031
https://ubuntu.com/security/notices/USN-2523-1
http://svn.apache.org/viewvc?view=revision&revision=1638818
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.securityfocus.com/bid/71657
http://www.ubuntu.com/usn/USN-2523-1
cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.9.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:os_x_server:5.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:os_x_server:5.0.3:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
CVE-2014-3583 https://httpd.apache.org/security/json/CVE-2014-3583.json
CVE-2014-3583 https://nvd.nist.gov/vuln/detail/CVE-2014-3583
RHSA-2015:1855 https://access.redhat.com/errata/RHSA-2015:1855
USN-2523-1 https://usn.ubuntu.com/2523-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3583
Access Vector (AV): network; Access Complexity (AC): low; Authentication (Au): none; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): partial

Exploit Prediction Scoring System (EPSS)
Percentile 0.85885
EPSS Score 0.01238
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.