Description
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.
Remediation
References
Related Vulnerabilities
GlassFish CVE-2012-0551 Vulnerability (CVE-2012-0551)
WordPress 4.4.x Cross-Site Request Forgery (4.4 - 4.4.17)
WordPress Plugin BuddyPress Members Only Cross-Site Scripting (1.8.3)
Oracle JRE CVE-2014-0446 Vulnerability (CVE-2014-0446)
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)