4.3

CVE-2014-0118

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.2.0 < 2.2.29
ApacheHTTP Server Version >= 2.4.1 < 2.4.10
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
RedhatJboss Enterprise Application Platform Version6.0.0
   RedhatEnterprise Linux Version5.0
   RedhatEnterprise Linux Version6.0
RedhatJboss Enterprise Application Platform Version6.4.0
   RedhatEnterprise Linux Version5.0
   RedhatEnterprise Linux Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 37.16% 0.983
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Third Party Advisory
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
http://httpd.apache.org/security/vulnerabilities_24.html
Patch
Vendor Advisory
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=144050155601375&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Broken Link
Mailing List
https://support.apple.com/HT204659
Third Party Advisory
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
Vendor Advisory
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=143403519711434&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=144493176821532&w=2
Third Party Advisory
Mailing List
Issue Tracking
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
Third Party Advisory
https://security.gentoo.org/glsa/201504-03
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1019.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1020.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1021.html
Broken Link
http://advisories.mageia.org/MGASA-2014-0305.html
Third Party Advisory
http://advisories.mageia.org/MGASA-2014-0304.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=143748090628601&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c
Vendor Advisory
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c?r1=1604353&r2=1610501&diff_format=h
Patch
Vendor Advisory
http://www.debian.org/security/2014/dsa-2989
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2014:142
Broken Link
http://www.securityfocus.com/bid/68745
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1120601
Third Party Advisory
Issue Tracking
https://puppet.com/security/cve/cve-2014-0118
Third Party Advisory