The mod_auth_mellon module before 0.8.1 allows remote attackers to cause a denial of service (Apache HTTP server crash) via a crafted logout request that triggers a read of uninitialized data.
2014-11-14T15:59:02.607
2025-04-12T10:46:40.837
Deferred
CVSSv2: 9.4 (HIGH)
AV:N/AC:L/Au:N/C:N/I:C/A:C
10.0
9.2
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | uninett | mod_auth_mellon | < 0.8.1 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_server | 6.0 | Yes |
| Operating System | redhat | enterprise_linux_server_aus | 6.6 | Yes |
| Operating System | redhat | enterprise_linux_server_eus | 6.6 | Yes |
| Operating System | redhat | enterprise_linux_server_tus | 6.6 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 6.0 | Yes |