CVE-2014-0118

Apache HTTP Server < 2.4.10 - Denial of Service via Request Body Decompression

Title source: llm
STIX 2.1

Description

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.

References (43)

Core 43
Core References
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144493176821532&w=2
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0305.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2989
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144050155601375&w=2
Patch, Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_24.html
Third Party Advisory x_refsource_confirm
https://support.apple.com/HT204659
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201504-03
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1020.html
Third Party Advisory x_refsource_confirm
https://puppet.com/security/cve/cve-2014-0118
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=143748090628601&w=2
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=143403519711434&w=2
Broken Link vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1021.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68745
Broken Link, Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2014:142
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1120601
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1019.html
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0304.html

Scores

EPSS 0.4133
EPSS Percentile 97.5%

Details

CWE
CWE-400
Status published
Products (5)
apache/http_server 2.2.0 - 2.2.29
debian/debian_linux 7.0
debian/debian_linux 8.0
redhat/jboss_enterprise_application_platform 6.0.0
redhat/jboss_enterprise_application_platform 6.4.0
Published Jul 20, 2014
Tracked Since Feb 18, 2026