CVE-2014-8567 - OpenCVE

The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Server Enterprise Linux Server Eus Enterprise Linux Server Tus Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server Aus
Uninett	Mod Auth Mellon

Configuration 1 [-]

cpe:2.3:a:uninett:mod_auth_mellon:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

References

Link	Resource
http://linux.oracle.com/errata/ELSA-2014-1803.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1803.html	Third Party Advisory
http://secunia.com/advisories/62094	Permissions Required Third Party Advisory
http://secunia.com/advisories/62125	Permissions Required Third Party Advisory
https://github.com/UNINETT/mod_auth_mellon/commit/0f5b4fd860fa7e3a6c47201637aab05395f32647	Third Party Advisory
https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-11-14T15:00:00

Updated: 2014-11-19T20:57:00

Reserved: 2014-10-31T00:00:00

Link: CVE-2014-8567

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-11-14T15:59:02.607

Modified: 2019-07-09T12:29:11.947

Link: CVE-2014-8567

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-03T00:00:00", "descriptions": [{"lang": "en", "value": "The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-11-19T20:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://linux.oracle.com/errata/ELSA-2014-1803.html"}, {"name": "RHSA-2014:1803", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1803.html"}, {"name": "62094", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62094"}, {"name": "62125", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62125"}, {"name": "[modmellon] 20141103 Information disclosure vulnerability in version 0.8.0 of mod_auth_mellon", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/UNINETT/mod_auth_mellon/commit/0f5b4fd860fa7e3a6c47201637aab05395f32647"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8567", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://linux.oracle.com/errata/ELSA-2014-1803.html", "refsource": "CONFIRM", "url": "http://linux.oracle.com/errata/ELSA-2014-1803.html"}, {"name": "RHSA-2014:1803", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1803.html"}, {"name": "62094", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62094"}, {"name": "62125", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62125"}, {"name": "[modmellon] 20141103 Information disclosure vulnerability in version 0.8.0 of mod_auth_mellon", "refsource": "MLIST", "url": "https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.html"}, {"name": "https://github.com/UNINETT/mod_auth_mellon/commit/0f5b4fd860fa7e3a6c47201637aab05395f32647", "refsource": "CONFIRM", "url": "https://github.com/UNINETT/mod_auth_mellon/commit/0f5b4fd860fa7e3a6c47201637aab05395f32647"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8567", "datePublished": "2014-11-14T15:00:00", "dateReserved": "2014-10-31T00:00:00", "dateUpdated": "2014-11-19T20:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:uninett:mod_auth_mellon:*:*:*:*:*:*:*:*", "matchCriteriaId": "19657A3F-E4A5-4063-8A3F-05D7044E0C75", "versionEndExcluding": "0.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "C18E3368-8980-45D2-AD3F-5BF385ABA693", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "13E02156-E748-4820-B76F-7074793837E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data."}, {"lang": "es", "value": "El m\u00f3dulo mod_auth_mellon anterior a 0.8.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda del servidor Apache HTTP) a trav\u00e9s de una petici\u00f3n de apagado del servicio Apache manipulada."}], "id": "CVE-2014-8567", "lastModified": "2019-07-09T12:29:11.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.4, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-14T15:59:02.607", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://linux.oracle.com/errata/ELSA-2014-1803.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1803.html"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/62094"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://secunia.com/advisories/62125"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/UNINETT/mod_auth_mellon/commit/0f5b4fd860fa7e3a6c47201637aab05395f32647"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}