Vigil@nce - Apache HTTP Server: denial of service via mod_log_config
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a truncated cookie, in order to trigger a
denial of service in mod_log_config of Apache HTTP Server.
Impacted products: Apache httpd, Fedora, MBS, MES, Slackware,
Ubuntu
Severity: 2/4
Creation date: 18/03/2014
DESCRIPTION OF THE VULNERABILITY
To define cookies, web clients use an HTTP header like:
Cookie: name=value; name2=value2
The mod_log_config module logs HTTP queries received by Apache
httpd. However, if a cookie has no value, a fatal error occurs in
the log_cookie() function of the modules/loggers/mod_log_config.c
file.
An attacker can therefore use a truncated cookie, in order to
trigger a denial of service in mod_log_config of Apache HTTP
Server.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-HTTP-Server-denial-of-service-via-mod-log-config-14438