The handleheaders function in modproxyfcgi.c in the modproxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "apache2", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-bin", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-data", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-dbg", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-dev", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-doc", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-mpm-event", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-mpm-itk", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-mpm-prefork", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-mpm-worker", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-suexec", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-suexec-custom", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-suexec-pristine", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2-utils", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "apache2.2-bin", "binary_version": "2.4.7-1ubuntu4.1" }, { "binary_name": "libapache2-mod-macro", "binary_version": "1:2.4.7-1ubuntu4.1" }, { "binary_name": "libapache2-mod-proxy-html", "binary_version": "1:2.4.7-1ubuntu4.1" } ], "ubuntu_priority": "low" }