CVE-2014-0118
published 2014-07-20CVE-2014-0118: The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled…
medium4.3CVSS 3.1
AVNACMAuNCNINAP
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | >= 2.2.0 < 2.2.29 | 2.2.29 |
| apache | http_server | >= 2.4.1 < 2.4.10 | 2.4.10 |
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| debian | apache2 | < apache2 2.4.10-1 (bookworm) | apache2 2.4.10-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM