Oracle Solaris 11: CVE-2014-0118: Vulnerability in Apache HTTP Server
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | July 20, 2014 | May 29, 2017 | May 29, 2017 |
Description
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.
References
- APPLE-APPLE-SA-2015-04-08-2
- BID-68745
- CVE-2014-0118
- DEBIAN-DSA-2989
- DISA_SEVERITY-Category I
- DISA_VMSKEY-V0057381
- DISA_VMSKEY-V0061101
- IAVM-2014-A-0172
- IAVM-2015-A-0149
- REDHAT-RHSA-2014:1019
- REDHAT-RHSA-2014:1020
- REDHAT-RHSA-2014:1021
- URL: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1
Solution
oracle-solaris-11-2-upgrade-web-server-apache-22-2-2-27-0-175-2-2-0-3-0
Related Vulnerabilities
- ELSA-2014-0921 Important: Oracle Linux httpd security update
- RHSA-2014:1020: Red Hat JBoss Enterprise Application Platform 6.3.0 update
- RHSA-2014:1019: Red Hat JBoss Enterprise Application Platform 6.3.0 update
- HP-UX: CVE-2014-0118: Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
- Alpine Linux: CVE-2014-0118: apache2 multiple issues
- RHSA-2014:1088: Red Hat JBoss Web Server 2.1.0 update
- OS X update for Admin Framework (CVE-2014-0118)
- Apache HTTPD: mod_deflate denial of service (CVE-2014-0118)
- USN-2299-1: Apache HTTP Server vulnerabilities
- RHSA-2014:0922: httpd24-httpd security update
- Cent OS: CVE-2014-0118: CESA-2014:0921 (httpd)
- Sun Patch: SunOS 5.10: Apache 2 Patch
- Amazon Linux AMI: Security patch for httpd24 (ALAS-2014-389) (multiple CVEs)
- ELSA-2014-1972 Low: Oracle Linux Software Collections 1.2 for Oracle Linux httpd24-httpd security and bug fix update
- ELSA-2014-0920 Important: Oracle Linux httpd security update
- FreeBSD: apache22 -- several vulnerabilities (Multiple CVEs)
- RHSA-2014:0920: httpd security update
- FreeBSD: apache24 -- several vulnerabilities (Multiple CVEs)
- Amazon Linux AMI: Security patch for httpd (ALAS-2014-388) (multiple CVEs)
- SUSE: CVE-2014-0118: SUSE Linux Security Advisory
- Gentoo Linux: CVE-2014-0118: Apache: Multiple vulnerabilities
- RHSA-2014:1087: Red Hat JBoss Web Server 2.1.0 update
- OS X update for apache (CVE-2014-0118)
- DSA-2989-1 apache2 -- security update
- Sun Patch: SunOS 5.10_x86: Apache 2 Patch
- HP System Management Homepage - HPSBMU03380 (CVE-2014-0118): Linux and Windows, Multiple Vulnerabilities
- RHSA-2014:0921: httpd security update