Description

The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.

Remediation

References

CVE-2014-0118

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1612)

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2021-32027)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33944)

WordPress Plugin Multiple Page Generator-MPG Cross-Site Request Forgery (3.3.9)

WordPress Plugin Animate It! Cross-Site Request Forgery (2.3.5)

Severity

Medium

Classification

CVE-2014-0118 CWE-400

Tags

Missing Update Known Vulnerabilities