PT-2014-1436 · Apache+6 · Apache Http Server+6

Published: 2014-07-14 · Updated: 2024-06-15 · CVE-2014-0118

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.10

Description: The issue allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. This occurs only when request body decompression is enabled, which is not a common configuration.

Recommendations: For versions prior to 2.4.10, consider disabling the deflate_in_filter function in the mod_deflate module as a temporary workaround until a patch is available. Restrict access to the mod_deflate module to minimize the risk of exploitation. Avoid using the request body decompression feature until the issue is resolved. Update to version 2.4.10 or later to resolve the issue.

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1890
BDU:2015-00398
CESA-2014_0920
CESA-2014_0921
CVE-2014-0118
DLA-66-1
DSA-2989-1
HPSBUX03337
HPSBUX03512
MGASA-2014-0304
MGASA-2014-0305
OPENSUSE-SU-2024:10268-1
RHSA-2014:0920
RHSA-2014:0921
RHSA-2014:0922
RHSA-2014:1019
RHSA-2014:1020
RHSA-2014:1087
RHSA-2014:1088
RHSA-2014_0920
RHSA-2014_0921
SUSE-SU-2017:2907-1
USN-2299-1

Affected Products

Alt Linux
Apache Http Server
Centos
Hp-Ux
Red Hat
Suse
Ubuntu