|
|
Subscribe / Log in / New account

mod_auth_mellon: two vulnerabilities

Package(s):mod_auth_mellon CVE #(s):CVE-2014-8566 CVE-2014-8567
Created:November 5, 2014 Updated:November 6, 2014
Description: From the Red Hat advisory:

An information disclosure flaw was found in mod_auth_mellon's session handling that could lead to sessions overlapping in memory. A remote attacker could potentially use this flaw to obtain data from another user's session. (CVE-2014-8566)

It was found that uninitialized data could be read when processing a user's logout request. By attempting to log out, a user could possibly cause the Apache HTTP Server to crash. (CVE-2014-8567)

Alerts:
Scientific Linux SLSA-2014:1803-1 mod_auth_mellon 2014-11-06
Oracle ELSA-2014-1803 mod_auth_mellon 2014-11-05
CentOS CESA-2014:1803 mod_auth_mellon 2014-11-05
Red Hat RHSA-2014:1803-01 mod_auth_mellon 2014-11-05
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds