4.3

CVE-2014-0118

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.

Data is provided by the National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.2.0 < 2.2.29
ApacheHTTP Server Version >= 2.4.1 < 2.4.10
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
RedhatJboss Enterprise Application Platform Version6.0.0
   RedhatEnterprise Linux Version5.0
   RedhatEnterprise Linux Version6.0
RedhatJboss Enterprise Application Platform Version6.4.0
   RedhatEnterprise Linux Version5.0
   RedhatEnterprise Linux Version6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 48.88% 0.977
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://marc.info/?l=bugtraq&m=144050155601375&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=143403519711434&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=144493176821532&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=143748090628601&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://www.securityfocus.com/bid/68745
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1120601
Third Party Advisory
Issue Tracking