Apache HTTP Server Multiple Vulnerabilities

Last Update Date: 23 Jul 2014 Release Date: 22 Jul 2014

RISK: Medium Risk

TYPE: Servers - Web Servers

Multiple vulnerabilities have been identified in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

  1. An error within the mod_cgid module when handling certain input can be exploited to cause a hang of a child process.
  2. An error within the WinNT MPM can be exploited to trigger a memory leak by sending specially crafted requests. Successful exploitation requires the server to be configured with the default AcceptFilter setting.

    Note: This vulnerability only affects Apache HTTP Server running on Windows NT operating systems.
  3. An error when handling HTTP headers within the mod_proxy module can be exploited to cause a crash of the worker by sending a specially crafted request.
    Successful exploitation requires the server to be configured as a reverse proxy.
  4. An error within the mod_deflate module can be exploited to consume memory and CPU resources.
    Successful exploitation requires the server to be configured to use request body decompression.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Versions 2.4.9 and prior

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • Update to version 2.4.10
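To prioritise the update, the following added example (not part of the original advisory or of the Apache project) checks a server's `httpd -v` banner against the fixed version and reports which of the four numbered items have their stated precondition present in a configuration file. The function names and sample inputs are constructed for illustration, and the checks are heuristics: statically compiled modules and included configuration files are not detected, and any explicit AcceptFilter directive is treated as overriding the default.

```python
import re

FIXED = (2, 4, 10)  # fixed release named in the advisory

# Constructed sample inputs (not taken from any real server).
SAMPLE_BANNER = "Server version: Apache/2.4.9 (Unix)"
SAMPLE_CONF = """\
LoadModule cgid_module modules/mod_cgid.so
LoadModule proxy_module modules/mod_proxy.so
# LoadModule deflate_module modules/mod_deflate.so
ProxyPass /app http://127.0.0.1:8080/
"""

def parse_version(banner):
    """Extract (major, minor, patch) from `httpd -v` style output."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Apache version found in banner")
    return tuple(int(x) for x in m.groups())

def active_lines(conf):
    """Yield lowercased directives, skipping blanks and comments."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.lower()

def audit(banner, conf, on_windows=False):
    """Return the advisory item numbers (1-4) whose stated precondition is met."""
    if parse_version(banner) >= FIXED:
        return []  # already at or past the fixed release
    lines = list(active_lines(conf))
    def has(pattern):
        return any(re.match(pattern, l) for l in lines)
    hits = []
    if has(r"loadmodule\s+cgid_module\b"):
        hits.append(1)  # mod_cgid is loaded
    if on_windows and not has(r"acceptfilter\s"):
        hits.append(2)  # WinNT MPM with AcceptFilter left at its default
    if has(r"loadmodule\s+proxy_module\b") and has(r"proxypass(match)?\s"):
        hits.append(3)  # mod_proxy configured as a reverse proxy
    if has(r"loadmodule\s+deflate_module\b") and has(r"(set|add)inputfilter\s.*\bdeflate\b"):
        hits.append(4)  # request body decompression enabled
    return hits

if __name__ == "__main__":
    print(audit(SAMPLE_BANNER, SAMPLE_CONF))
```

An empty result on a pre-2.4.10 server only means none of these heuristics matched; the update is still the fix the advisory gives.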

Vulnerability Identifier

  • No CVE information is available
