Description

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.

Remediation

References

CVE-2014-0118

Related Vulnerabilities

Apache version older than 1.3.39

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-1762)

MySQL CVE-2018-2812 Vulnerability (CVE-2018-2812)

WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)

WordPress Plugin Category Grid View Gallery Cross-Site Scripting (2.3.3)

Severity

Medium

Classification

CVE-2014-0118 CWE-400

Tags

Missing Update Known Vulnerabilities