CVE-2014-8567 — HIGH (9.4) — White Hats Nepal

Q: What is CVE-2014-8567?

CVE-2014-8567 is a vulnerability with a CVSS score of 9.4 (HIGH). The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

Q: How severe is CVE-2014-8567?

CVE-2014-8567 has been rated HIGH with a CVSS base score of 9.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-8567?

Check the references section above for vendor advisories and patch information. Affected products include: Uninett Mod Auth Mellon, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.

Vulnerability Description

The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

CVSS Score

9.4

HIGH

AV:N/AC:L/Au:N/C:N/I:C/A:C

Confidentiality

NONE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Uninett	Mod Auth Mellon	< 0.8.1
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	6.6
Redhat	Enterprise Linux Server Eus	6.6
Redhat	Enterprise Linux Server Tus	6.6
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-399

References

http://linux.oracle.com/errata/ELSA-2014-1803.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1803.htmlThird Party Advisory
http://secunia.com/advisories/62094Permissions RequiredThird Party Advisory
http://secunia.com/advisories/62125Permissions RequiredThird Party Advisory
https://github.com/UNINETT/mod_auth_mellon/commit/0f5b4fd860fa7e3a6c47201637aab0Third Party Advisory
https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.htmlVendor Advisory
http://linux.oracle.com/errata/ELSA-2014-1803.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1803.htmlThird Party Advisory
http://secunia.com/advisories/62094Permissions RequiredThird Party Advisory
http://secunia.com/advisories/62125Permissions RequiredThird Party Advisory
https://github.com/UNINETT/mod_auth_mellon/commit/0f5b4fd860fa7e3a6c47201637aab0Third Party Advisory
https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.htmlVendor Advisory

FAQ

What is CVE-2014-8567?

CVE-2014-8567 is a vulnerability with a CVSS score of 9.4 (HIGH). The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.

How severe is CVE-2014-8567?

CVE-2014-8567 has been rated HIGH with a CVSS base score of 9.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-8567?

Check the references section above for vendor advisories and patch information. Affected products include: Uninett Mod Auth Mellon, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.