Vulnerability & Exploit Database

Displaying entries 1 - 10 of 27 in total

Results for: CVE-2014-2523 Back to search

USN-2523-1: Apache HTTP Server vulnerabilities Vulnerability

  • Severity: 5
  • Published: March 07, 2015

The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.

SUSE: CVE-2014-8109: SUSE Linux Security Advisory Vulnerability

  • Severity: 4
  • Published: December 29, 2014

mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by le...

SUSE: CVE-2014-3583: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: December 15, 2014

The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.

SUSE: CVE-2014-3581: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: October 10, 2014

The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header.

F5 Networks: K16863 (CVE-2013-5704): Apache vulnerability CVE-2013-5704 Vulnerability

  • Severity: 5
  • Published: April 15, 2014

The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

USN-2228-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 10
  • Published: March 24, 2014

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

USN-2227-1: Linux kernel (OMAP4) vulnerabilities Vulnerability

  • Severity: 10
  • Published: March 24, 2014

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

USN-2225-1: Linux kernel (Saucy HWE) vulnerabilities Vulnerability

  • Severity: 10
  • Published: March 24, 2014

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

USN-2224-1: Linux kernel (Raring HWE) vulnerabilities Vulnerability

  • Severity: 10
  • Published: March 24, 2014

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

USN-2223-1: Linux kernel (Quantal HWE) vulnerabilities Vulnerability

  • Severity: 10
  • Published: March 24, 2014

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.