Apache HTTP Server Multiple Vulnerabilities

Last Update Date: 23 Jul 2014 Release Date: 22 Jul 2014 3085 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Multiple vulnerabilities have been identified in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

  1. An error within the mod_cgid module when handling certain input can be exploited to cause a hang of a child process.
  2. An error within WinNT MPM can be exploited to trigger a memory leak by sending specially crafted requests. Successful exploitation requires the server is configured using the default AcceptFilter setting.

    Note: This vulnerability only affects Apache HTTP Server running on Windows NT operating systems.
  3. An error when handling HTTP headers within the mod_proxy module can be exploited to cause a crash of the worker by sending a specially crafted request.
    Successful exploitation requires the server to be configured as a reverse proxy.
  4. An error when within mod_deflate module can be exploited to consume memory and CPU resources.
    Successful exploitation requires the server to be configured to use request body decompression.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Versions 2.4.9 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 2.4.10

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Drupal Multiple vulnerabilities

18 Jul 2014 2997 Views

Next

Tenable Nessus Web UI Information Disclosure Vulnerability

22 Jul 2014 3074 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY