CVE-2014-8566

mod_auth_mellon < 0.8.1 - Exposure of Sensitive Information via Session Overflow

Title source: llm
STIX 2.1

Description

The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."

References (6)

Core 6
Core References
Various Sources x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1803.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1803.html
Patch, Vendor Advisory x_refsource_confirm
https://github.com/UNINETT/mod_auth_mellon/releases/tag/v0.8.1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62094
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62125
Patch, Vendor Advisory mailing-list x_refsource_mlist
https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.html

Scores

EPSS 0.0273
EPSS Percentile 84.3%

Details

CWE
CWE-200
Status published
Products (2)
oracle/linux 6
uninett/mod_auth_mellon < 0.8.0
Published Nov 15, 2014
Tracked Since Feb 18, 2026