
Apache HTTP Server < 2.4.10 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

Versions of Apache HTTP Server older than 2.4.10 are unpatched for the following vulnerabilities:

- A crash in Connection header handling, which can lead to denial of service against a reverse proxy (CVE-2014-0117)

- Memory consumption denial of service in WinNT MPM, which affects installations on the Windows platform (CVE-2014-3523)

- Race condition in scoreboard handling, which may potentially result in an exploitable heap buffer overflow (CVE-2014-0226)

- Denial of service when the 'mod_deflate' module attempts to process highly compressed bodies (CVE-2014-0118)

- Denial of service in 'mod_cgid' module when certain CGI scripts do not consume standard input and thus linger indefinitely, eventually causing the server to hang (CVE-2014-0231)

Solution

Upgrade to Apache HTTP Server 2.4.10 or later.
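
To triage a host against the list above, the following added example (not part of the original advisory or of any scanner plugin) parses `httpd -v` and `httpd -M` output and reports which of the listed CVEs apply. The sample outputs are constructed, and the mapping of each condition to a loaded module name (`proxy_module`, `mpm_winnt_module`, `deflate_module`, `cgid_module`) is an assumption drawn from the advisory wording.

```python
import re

FIXED = (2, 4, 10)  # first fixed release per the advisory

# (CVE, module assumed to indicate exposure, summary from the advisory).
# None means the advisory names no module, so the entry always applies.
ADVISORY = [
    ("CVE-2014-0117", "proxy_module", "crash in Connection header handling (reverse proxy)"),
    ("CVE-2014-3523", "mpm_winnt_module", "memory consumption DoS in WinNT MPM"),
    ("CVE-2014-0226", None, "race condition in scoreboard handling"),
    ("CVE-2014-0118", "deflate_module", "DoS in mod_deflate on highly compressed bodies"),
    ("CVE-2014-0231", "cgid_module", "DoS in mod_cgid when CGI scripts ignore stdin"),
]

# Constructed sample outputs of `httpd -v` and `httpd -M`.
SAMPLE_V = "Server version: Apache/2.4.9 (Unix)\nServer built:   Mar 17 2014 12:00:00\n"
SAMPLE_M = """Loaded Modules:
 core_module (static)
 mpm_event_module (static)
 deflate_module (shared)
 proxy_module (shared)
"""

def parse_version(httpd_v_output):
    """Return the version as an integer tuple so 2.4.9 sorts below 2.4.10."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", httpd_v_output)
    if not m:
        raise ValueError("no Apache version found in input")
    return tuple(int(part) for part in m.groups())

def parse_modules(httpd_m_output):
    """Collect module names such as 'deflate_module' from `httpd -M` output."""
    return set(re.findall(r"^\s*(\w+_module)\b", httpd_m_output, re.MULTILINE))

def triage(httpd_v_output, httpd_m_output):
    """List (CVE, summary) pairs from the advisory that apply to this host."""
    if parse_version(httpd_v_output) >= FIXED:
        return []
    modules = parse_modules(httpd_m_output)
    return [(cve, desc) for cve, mod, desc in ADVISORY
            if mod is None or mod in modules]

if __name__ == "__main__":
    for cve, desc in triage(SAMPLE_V, SAMPLE_M):
        print(f"{cve}: {desc}")
```

Comparing the version as a string would sort "2.4.9" above "2.4.10" and miss the affected host, which is why the version is parsed into integers.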