CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
97.4%
The deflate_in_filter function in mod_deflate.c in the mod_deflate module
in the Apache HTTP Server before 2.4.10, when request body decompression is
enabled, allows remote attackers to cause a denial of service (resource
consumption) via crafted request data that decompresses to a much larger
size.