Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-2146

The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.

Related bugs and status

CVE-2016-2146 (Candidate) is related to these bugs:

Bug #1610286: [MIR] libapache2-mod-auth-mellon, liblasso3

Summary				In	Importance	Status
	1610286	[MIR] libapache2-mod-auth-mellon, liblasso3		libapache2-mod-auth-mellon (Ubuntu)	Medium	Fix Released
	1610286	[MIR] libapache2-mod-auth-mellon, liblasso3		lasso (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://lists.fedorapro...
MISC: https://sympa.uninett....
MISC: https://github.com/UNI...