Red Hat Bugzilla – Bug 1341583
CVE-2016-4459 mod_cluster: Buffer overflow in mod_manager when sending request with long JVMRoute
Last modified: 2018-03-08 16:05:11 EST
Configuration of mod_cluster via JVMRoute longer than 80 characters will cause segfault. A segmentation fault can occur in Apache HTTPD 2.2. The crash is due to a strcpy buffer overflow in mod_cluster's mod_manager. https://github.com/modcluster/mod_cluster/blob/1.2.9.Final/native/mod_manager/node.c#L227 [Open URL] If clients send a request with a JVMRoute longer than 80 characters (the size of the strcpy destination), the strcpy segfaults.
Acknowledgments: Name: Robert Bost (Red Hat)
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4.10 Via RHSA-2016:2056 https://rhn.redhat.com/errata/RHSA-2016-2056.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Via RHSA-2016:2054 https://rhn.redhat.com/errata/RHSA-2016-2054.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Via RHSA-2016:2055 https://rhn.redhat.com/errata/RHSA-2016-2055.html
This issue has been addressed in the following products: Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 Via RHSA-2017:0194 https://access.redhat.com/errata/RHSA-2017:0194
This issue has been addressed in the following products: JBoss Core Services on RHEL 6 Via RHSA-2017:0193 https://access.redhat.com/errata/RHSA-2017:0193