PT-2014-1436 · Apache+6 · Apache Http Server+6
Published: 2014-07-14 · Updated: 2024-06-15
CVE-2014-0118
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Apache HTTP Server versions prior to 2.4.10
Description
The issue allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. This occurs when request body decompression is enabled. The use of request body decompression is not a common configuration.
Recommendations
For versions prior to 2.4.10, consider disabling the deflate_in_filter function in the mod_deflate module as a temporary workaround until a patch is available. Restrict access to the mod_deflate module to minimize the risk of exploitation. Avoid using the request body decompression feature until the issue is resolved. Update to version 2.4.10 or later to resolve the issue.
Exploit
Fix
DoS
Resource Exhaustion
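Applying the workaround in the Recommendations starts with finding where request body decompression is switched on. The following Python script is an added example, not part of the original advisory: it scans httpd configuration text for `SetInputFilter` / `AddInputFilter` chains that include DEFLATE and records whether any of the `DeflateInflate*` limit directives (documented by httpd for 2.4.10 and later, not named on this page) are set. The sample configuration is constructed.

```python
import re

# Directives that attach a filter chain to request bodies (core / mod_mime).
INPUT_FILTER = re.compile(r"^\s*(SetInputFilter|AddInputFilter)\s+(\S+)", re.I)
# mod_deflate directives that bound inflated request bodies.
# Documented by httpd for 2.4.10+; they are not named in the advisory text.
LIMITS = re.compile(
    r"^\s*(DeflateInflateLimitRequestBody|DeflateInflateRatioLimit"
    r"|DeflateInflateRatioBurst)\b", re.I)


def audit(conf_text):
    """Return (hits, limits): lines that enable request-body inflate,
    and the set of inflate-limit directives found."""
    hits, limits = [], set()
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):   # httpd comments are whole lines
            continue
        m = INPUT_FILTER.match(line)
        if m:
            # A chain is "filter[;filter...]"; compare names case-insensitively.
            chain = [f.upper() for f in m.group(2).split(";")]
            if "DEFLATE" in chain:
                hits.append((lineno, line.strip()))
        m = LIMITS.match(line)
        if m:
            limits.add(m.group(1))
    return hits, limits


# Constructed sample configuration, not taken from any real server.
SAMPLE = """\
LoadModule deflate_module modules/mod_deflate.so
# SetInputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html
<Location "/dav">
    SetInputFilter DEFLATE
</Location>
AddInputFilter deflate .gz
"""

if __name__ == "__main__":
    hits, limits = audit(SAMPLE)
    for lineno, text in hits:
        print(f"line {lineno}: request body decompression enabled: {text}")
    if hits and not limits:
        print("no inflate limits set; before 2.4.10, remove the input filter")
```

Output compression (`AddOutputFilterByType DEFLATE`) is not flagged, since the issue concerns only decompression of request bodies.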
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Apache Http Server
Centos
Hp-Ux
Red Hat
Suse
Ubuntu