Description

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.

Remediation

References

CVE-2014-0118

Related Vulnerabilities

Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745)

WordPress Plugin Livemesh SiteOrigin Widgets Security Bypass (2.5.1)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0314)

Moment.js Uncontrolled Resource Consumption Vulnerability (CVE-2016-4055)

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-13662)

Severity

Medium

Classification

CVE-2014-0118 CWE-400

Tags

Missing Update Known Vulnerabilities