CVE-2014-8566
mod_auth_mellon < 0.8.1 - Exposure of Sensitive Information via Session Overflow
Title source: llmDescription
The mod_auth_mellon module before 0.8.1 allows remote attackers to obtain sensitive information or cause a denial of service (segmentation fault) via unspecified vectors related to a "session overflow" involving "sessions overlapping in memory."
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-1803.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1803.html
Patch, Vendor Advisory x_refsource_confirm
https://github.com/UNINETT/mod_auth_mellon/releases/tag/v0.8.1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62094
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62125
Patch, Vendor Advisory mailing-list
x_refsource_mlist
https://postlister.uninett.no/sympa/arc/modmellon/2014-11/msg00000.html
Scores
EPSS
0.0273
EPSS Percentile
84.3%
Details
CWE
CWE-200
Status
published
Products (2)
oracle/linux
6
uninett/mod_auth_mellon
< 0.8.0
Published
Nov 15, 2014
Tracked Since
Feb 18, 2026