Lucene search
GiankoH1:20861HistoryFeb 19, 2014 - 12:00 a.m.
Internet Bug Bounty: moderate: mod_deflate denial of service
2014-02-1900:00:00
gianko
hackerone.com
$500
95
0.459 Medium
EPSS
Percentile
97.4%
A resource consumption flaw was found in mod_deflate. If request body decompression was configured (using the “DEFLATE” input filter), a remote attacker could cause the server to consume significant memory and/or CPU resources. The use of request body decompression is not a common configuration.
Acknowledgements: This issue was reported by Giancarlo Pellegrino and Davide Balzarotti
Resolved in Apache httpd 2.4.10-dev: http://httpd.apache.org/security/vulnerabilities_24.html
Related
httpd
httpd
Apache Httpd < 2.4.10 : mod_deflate denial of service
2014-02-19 00:00:00
Apache Httpd < 2.2.29 : mod_deflate denial of service
2014-02-19 00:00:00
prion
prion
Design/Logic Flaw
2014-07-20 11:12:00
cvelist
cvelist
CVE-2014-0118
2014-07-20 10:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server mod_deflate Denial of Service - Ver2 (CVE-2014-0118)
2014-12-28 00:00:00
Apache HTTP Server mod_deflate Denial of Service (CVE-2014-0118)
2014-09-17 00:00:00
ubuntucve
ubuntucve
CVE-2014-0118
2014-07-20 00:00:00
ibm
ibm
debiancve
debiancve
CVE-2014-0118
2014-07-20 11:12:48
cve
cve
CVE-2014-0118
2014-07-20 11:12:48
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:57:18
Denial Of Service (DoS)
2019-05-02 05:03:42
Denial Of Service (DoS)
2019-05-02 05:03:41
nvd
nvd
CVE-2014-0118
2014-07-20 11:12:48
nessus
nessus
Oracle Linux 5 / 6 : httpd (ELSA-2014-0920)
2014-07-24 00:00:00
Amazon Linux AMI : httpd (ALAS-2014-388)
2014-10-12 00:00:00
Mandriva Linux Security Advisory : apache (MDVSA-2014:142)
2014-07-31 00:00:00
openvas
openvas
CentOS Update for httpd CESA-2014:0920 centos6
2014-07-28 00:00:00
CentOS Update for httpd CESA-2014:0920 centos5
2014-07-28 00:00:00
Mageia: Security Advisory (MGASA-2014-0304)
2022-01-28 00:00:00
amazon
amazon
Important: httpd
2014-07-31 13:54:00
Important: httpd24
2014-07-31 13:56:00
debian
debian
[SECURITY] [DSA 2989-1] apache2 security update
2014-07-24 22:19:45
[SECURITY] [DSA 2989-1] apache2 security update
2014-07-24 22:19:45
[SECURITY] [DLA 66-1] apache2 security update
2014-09-29 13:40:41
redhat
redhat
(RHSA-2014:0920) Important: httpd security update
2014-07-23 00:00:00
(RHSA-2014:0921) Important: httpd security update
2014-07-23 00:00:00
(RHSA-2014:1088) Important: Red Hat JBoss Web Server 2.1.0 update
2014-08-21 00:00:00
osv
osv
apache2 - security update
2014-07-24 00:00:00
apache2 - security update
2014-09-29 00:00:00
centos
centos
httpd, mod_ssl security update
2014-07-23 15:12:33
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2014-07-23 15:36:55
oraclelinux
oraclelinux
httpd security update
2014-07-23 00:00:00
httpd security update
2014-07-23 00:00:00
httpd24-httpd security and bug fix update
2016-02-04 00:00:00
mageia
mageia
Updated apache package fixes security vulnerabilities
2014-07-30 01:30:55
Updated apache package fixes security vulnerabilities
2014-07-30 01:30:55
fedora
fedora
[SECURITY] Fedora 20 Update: httpd-2.4.10-1.fc20
2014-07-25 10:03:52
[SECURITY] Fedora 19 Update: httpd-2.4.10-1.fc19
2014-08-15 02:47:11
freebsd
freebsd
apache22 -- several vulnerabilities
2014-07-19 00:00:00
apache24 -- several vulnerabilities
2014-07-15 00:00:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2015-04-11 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2014-07-23 00:00:00
slackware
slackware
[slackware-security] httpd
2014-07-24 01:35:41
securityvulns
securityvulns
[USN-2299-1] Apache HTTP Server vulnerabilities
2014-07-28 00:00:00
Apache multiple security vulnerabilities
2014-07-28 00:00:00
hackerone
hackerone
Boozt Fashion AB: Instance of Apache Vulnerable to Several Issues
2016-09-08 15:44:15
f5
f5
oracle
oracle
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00