CVE-2014-3583
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
We have discovered 869,017 live websites that are affected by CVE-2014-3583.
Affected Software
| Product |  Apache |
| Category | Web Servers |
| Vulnerable Domains | 869,017 live websites (27.54% of Apache install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 97 versions ( 65.99% of all versions) |
Details
- Published - Dec 16, 2014
- Updated - Aug 6, 2024
CVE References
CVE-2014-3583 usage by Country
 United States | 261,130 websites |
 Taiwan | 109,190 websites |
 Germany | 71,574 websites |
 Japan | 53,695 websites |
 Netherlands | 37,791 websites |
 Russia | 34,778 websites |
 France | 28,856 websites |
 Singapore | 23,322 websites |
 GB | 19,835 websites |
 Czech Republic | 18,527 websites |
CVE-2014-3583 usage by TLD
| .com | 384,706 websites |
| .de | 53,085 websites |
| .net | 36,174 websites |
| .org | 30,637 websites |
| .ru | 30,485 websites |
| .nl | 27,575 websites |
| .jp | 16,208 websites |
| .cz | 15,067 websites |
| .info | 14,501 websites |
| .it | 13,757 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2014-3583
Top websites that are affected by CVE-2014-3583. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.***********.com |  Canada | *** | |
| *********.*************.se | United States | *** | |
| ********.*********.com | Singapore | *,*** | |
| ******************.com | United States | *,*** | |
| *********.******.net | United States | *,*** | |
| ****.com | United States | *,*** | |
| ********.com | United States | *,*** | |
| ****.**.pl |  Poland | *,*** | |
| ******.com | Japan | *,*** | |
| ********.********.de | Germany | *,*** |
FAQ
A total of 869,017 websites have been identified as vulnerable to CVE-2014-3583, discovered through global website indexing conducted by WebTechSurvey.
Apache is susceptible to CVE-2014-3583 vulnerability.
Apache versions before 2.4.10 are vulnerable to CVE-2014-3583.
Version 2.4.10 of Apache addresses the CVE-2014-3583 security vulnerability.
References
- http://httpd.apache.org/security/vulnerabilities_24.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1163555
- http://www.ubuntu.com/usn/USN-2523-1
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://svn.apache.org/viewvc?view=revision&revision=1638818
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- http://rhn.redhat.com/errata/RHSA-2015-1855.html
- http://www.securityfocus.com/bid/71657
- https://support.apple.com/kb/HT205031
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html
- https://access.redhat.com/errata/RHSA-2015:1858
- https://support.apple.com/HT205219
- https://security.gentoo.org/glsa/201701-36
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E