CVE-2014-3523

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.1 through 2.4.9

Description A memory leak in the winnt accept function in the WinNT MPM allows remote attackers to cause a denial of service via crafted requests, leading to memory consumption. This issue is related to the default AcceptFilter being enabled on Windows. A remote attacker could send carefully crafted requests that would leak memory and eventually lead to a denial of service against the server.

Recommendations For versions 2.4.1 through 2.4.9, update to version 2.4.10 or later to resolve the issue. As a temporary workaround, consider disabling the default AcceptFilter to minimize the risk of exploitation.