PT-2014-1435 · Apache · Apache Http Server

Published

2014-07-15

Updated

2024-06-15

CVE-2014-3523

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.1 through 2.4.9

Description A memory leak in the winnt accept function in the WinNT MPM allows remote attackers to cause a denial of service via crafted requests, leading to memory consumption. This issue is related to the default AcceptFilter being enabled on Windows. A remote attacker could send carefully crafted requests that would leak memory and eventually lead to a denial of service against the server.

Recommendations For versions 2.4.1 through 2.4.9, update to version 2.4.10 or later to resolve the issue. As a temporary workaround, consider disabling the default AcceptFilter to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2015-00397

CVE-2014-3523

OPENSUSE-SU-2024:10268-1

Affected Products

Apache Http Server

PT-2014-1435 · Apache · Apache Http Server

CVE-2014-3523

Weakness Enumeration

Related Identifiers

Affected Products

References · 75