Apache Httpd < 2.4.10: WinNT MPM denial of service

ID HTTPD:BCF870B32FD7F24E4A96C952963B2CA2
Type httpd
Reporter Jeff Trawick of the ASF
Modified 2014-07-15T00:00:00


A flaw was found in the WinNT MPM in httpd versions 2.4.1 to 2.4.9, when using the default AcceptFilter for that platform. A remote attacker could send carefully crafted requests that would leak memory and eventually lead to a denial of service against the server.