CVE-2014-8566

The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."

Published: Nov 15, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-8566
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:P/I:N/A:P

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
uninett / mod_auth_mellon	-	0.8.0.x
oracle / linux	6	6.x

http://linux.oracle.com/errata/ELSA-2014-1803.html
http://rhn.redhat.com/errata/RHSA-2014-1803.html
http://secunia.com/advisories/62094
http://secunia.com/advisories/62125
https://github.com/UNINETT/mod_auth_mellon/releases/tag/v0.8.1
https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.html

Vulnerability Database

289,599

CVE-2014-8566