Apache HTTP Server 2.4.1 to 2.4.4, 2.4.6, 2.4.7, 2.4.9 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8343
Synopsis: The remote web server is affected by multiple vulnerabilities.
Description: Versions of Apache HTTP Server 2.4.1 to 2.4.4, 2.4.6, 2.4.7, and 2.4.9 are unpatched for the following vulnerabilities:
- Memory consumption denial of service in WinNT MPM, which affects installations on the Windows platform (CVE-2014-3523)
- Race condition in scoreboard handling, which may result in an exploitable heap buffer overflow (CVE-2014-0226)
- Denial of service when the 'mod_deflate' module attempts to process highly compressed bodies (CVE-2014-0118)
- Denial of service in 'mod_cgid' module when certain CGI scripts do not consume standard input and thus linger indefinitely, eventually causing the server to hang (CVE-2014-0231)
Solution: Upgrade to Apache HTTP Server 2.4.10 or later.