It is possible to remotely segfault the Apache HTTP Server with a specially crafted string sent to mod_cluster via service messages (MCMP). Only the VirtualHost explicitly enabled by an administrator to receive service messages from worker nodes (Tomcat or EAP workers). Unless the administrator made a grave mistake in opening an unsecured mod_cluster management VirtualHost to the Internet without any authentication, it is impossible to exploit this bug from an untrusted client. Special set of mod_cluster management protocol HTTP method requests. One could pass a certain number of = symbols in sequence after a legitimate element and cause a segfault.
Acknowledgments: Name: Michal Karm Babacek
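Added example (not part of the original report and not mod_cluster code): a heuristic audit that flags VirtualHosts accepting MCMP service messages without any access restriction, the misconfiguration the description says is needed to reach this bug from an untrusted client. It assumes the receiver is enabled with mod_cluster's `EnableMCPMReceive` directive; the sample configuration and the function name `audit_mcmp_vhosts` are constructed for illustration.

```python
import re

# Constructed sample httpd configuration (not taken from the report).
SAMPLE_CONF = """
<VirtualHost 10.0.0.5:6666>
    EnableMCPMReceive
    <Location />
        Require ip 10.0.0.0/24
    </Location>
</VirtualHost>
<VirtualHost *:6666>
    EnableMCPMReceive
    ManagerBalancerName mycluster
</VirtualHost>
<VirtualHost *:80>
    ServerName www.example.test
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
# Heuristic: directives that narrow access ("Require all granted" and
# "Allow from all" do not count as restrictions).
RESTRICT_RE = re.compile(
    r"^\s*(Require\s+(?!all\s+granted)\S+|Allow\s+from\s+(?!all\b)\S+|AuthType\s+\S+)",
    re.I | re.M)
WILDCARD_RE = re.compile(r"(\*|_default_|0\.0\.0\.0|\[::\])(:|$)")

def audit_mcmp_vhosts(conf_text):
    """Return [(vhost_address, [reasons])] for MCMP receivers that need review."""
    # Drop comment lines so commented-out directives are not counted.
    text = "\n".join(line for line in conf_text.splitlines()
                     if not line.lstrip().startswith("#"))
    findings = []
    for addr, body in VHOST_RE.findall(text):
        if not re.search(r"^\s*EnableMCPMReceive\b", body, re.I | re.M):
            continue  # this VirtualHost does not accept service messages
        reasons = []
        if not RESTRICT_RE.search(body):
            reasons.append("no Require/Allow/AuthType restriction")
        if WILDCARD_RE.match(addr.strip()):
            reasons.append("bound to all interfaces")
        if reasons:
            findings.append((addr.strip(), reasons))
    return findings

if __name__ == "__main__":
    for addr, reasons in audit_mcmp_vhosts(SAMPLE_CONF):
        print(f"{addr}: {'; '.join(reasons)}")
```

The check only inspects directives inside the `<VirtualHost>` block itself, so restrictions inherited from the server-level configuration or enforced by a firewall still need to be verified separately.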
This issue has been addressed in the following products: Red Hat JBoss Web Server 2.1.1 Via RHSA-2016:1650 https://rhn.redhat.com/errata/RHSA-2016-1650.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Via RHSA-2016:1649 https://rhn.redhat.com/errata/RHSA-2016-1649.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Web Server 2 for RHEL 7 Via RHSA-2016:1648 https://rhn.redhat.com/errata/RHSA-2016-1648.html
Created mod_cluster tracking bugs for this issue: Affects: fedora-all [bug 1374210] Affects: epel-6 [bug 1374211]
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4.10 Via RHSA-2016:2056 https://rhn.redhat.com/errata/RHSA-2016-2056.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Via RHSA-2016:2054 https://rhn.redhat.com/errata/RHSA-2016-2054.html
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Via RHSA-2016:2055 https://rhn.redhat.com/errata/RHSA-2016-2055.html