CVE-2014-0118

Priority
Medium
Description
The deflate_in_filter function in mod_deflate.c in the mod_deflate module
in the Apache HTTP Server before 2.4.10, when request body decompression is
enabled, allows remote attackers to cause a denial of service (resource
consumption) via crafted request data that decompresses to a much larger
size.
References
Assigned-to
mdeslaur
Package
Upstream:released (2.4.10)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.2.14-5ubuntu8.14)
Ubuntu 12.04 LTS (Precise Pangolin):released (2.2.22-1ubuntu1.7)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.4.7-1ubuntu4.1)
Ubuntu 14.10 (Utopic Unicorn):released (2.4.10-1ubuntu1)
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1610503 (2.4.x)
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1610522 (2.4.x) (partial)
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1611426 (2.2.x)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-07-25 13:14:28 UTC (commit 8280)