SynopsisThe remote web server is affected by multiple vulnerabilities.
DescriptionVersions of Apache HTTP server 2.4.1 to 2.4.4, 2.4.6, 2.4.7, and 2.4.9 are unpatched for the following vulnerabilities:
- Memory consumption denial of service in WinNT MPM, which affects installations on the Windows platform (CVE-2014-3523)
- Race condition in scoreboard handling, which may potentially result in an exploitable heap buffer overflow (CVE-2014-0226)
- Denial of service when the 'mod_deflate' module attempts to process highly compressed bodies (CVE-2014-0118)
- Denial of service in 'mod_cgid' module when certain CGI scripts do not consume standard input and thus linger indefinitely, eventually causing the server to hang (CVE-2014-0231)
SolutionUpgrade to Apache HTTP Server 2.4.10, or later.