CVE-2014-0118

Published: 20 July 2014

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.

Priority

Medium

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian
Upstream
Released (2.4.10)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.4.7-1ubuntu4.1)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1610503 (2.4.x)
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1610522 (2.4.x) (partial)
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1611426 (2.2.x)