Apache HTTP Server Multiple Vulnerabilities
Last Update Date:
23 Jul 2014
Release Date:
22 Jul 2014
4086
Views
RISK: Medium Risk
TYPE: Servers - Web Servers
Multiple vulnerabilities have been identified in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
- An error within the mod_cgid module when handling certain input can be exploited to cause a hang of a child process.
- An error within WinNT MPM can be exploited to trigger a memory leak by sending specially crafted requests. Successful exploitation requires the server is configured using the default AcceptFilter setting.
Note: This vulnerability only affects Apache HTTP Server running on Windows NT operating systems. - An error when handling HTTP headers within the mod_proxy module can be exploited to cause a crash of the worker by sending a specially crafted request.
Successful exploitation requires the server to be configured as a reverse proxy. - An error when within mod_deflate module can be exploited to consume memory and CPU resources.
Successful exploitation requires the server to be configured to use request body decompression.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Versions 2.4.9 and prior
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 2.4.10
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with