CVE-2014-0231

The modcgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service process hang via a request to a CGI script that does not read from its stdin file descriptor...

CVE-2014-3523

Memory leak in the winntaccept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service memory consumption via crafted requests...

CVE-2013-4352

The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger a missing hostna...

Design/Logic Flaw

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

Design/Logic Flaw

The deflateinfilter function in moddeflate.c in the moddeflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service resource consumption via crafted request data that decompresses to a much larger size...

Race condition

Race condition in the modstatus module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service heap-based buffer overflow, or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard...

Memory corruption

Memory leak in the winntaccept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service memory consumption via crafted requests...

Null pointer dereference

The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger a missing hostna...

UBUNTU-CVE-2013-4352

The cacheinvalidate function in modules/cache/cachestorage.c in the modcache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger a missing hostna...

CVE-2014-0231

The modcgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service process hang via a request to a CGI script that does not read from its stdin file descriptor...

CVE-2014-0118

The deflateinfilter function in moddeflate.c in the moddeflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service resource consumption via crafted request data that decompresses to a much larger size...

CVE-2014-3523

CVE-2014-3523 corresponds to a memory leak in the WinNT MPM of Apache HTTP Server 2.4.x on Windows. Specifically, when AcceptFilter is enabled, the winnt_accept function in server/mpm/winnt/child.c can leak memory under crafted requests, leading to denial of service. The vulnerability is tied to ...

CVE-2014-0231

The CVE-2014-0231 issue affects the Apache HTTP Server mod_cgid module, specifically versions before 2.4.10. A missing timeout mechanism allows a remote attacker to trigger a denial of service by sending a request to a CGI script that does not read from stdin, causing the process to hang. This vu...

CVE-2014-0226

Apache HTTP Server CVE-2014-0226 is a race-condition vulnerability in the mod_status component that can cause a heap-based buffer overflow, denial of service, and potentially credential disclosure or code execution. Affects httpd before 2.4.10; the issue arises from improper scoreboard handling i...

CVE-2014-0118

CVE-2014-0118 affects the Apache HTTP Server mod_deflate: the deflate_in_filter in mod_deflate.c allows remote denial-of-service when request body decompression is enabled, by processing crafted data that expands to a large size. Affected versions are Apache httpd prior to 2.4.10. Impact is resou...

CVE-2014-0231

The modcgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service process hang via a request to a CGI script that does not read from its stdin file descriptor...

CVE-2014-0118

The deflateinfilter function in moddeflate.c in the moddeflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service resource consumption via crafted request data that decompresses to a much larger size...

CVE-2014-0117

The modproxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service child-process crash via a crafted HTTP Connection header...

CVE-2014-0226

Race condition in the modstatus module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service heap-based buffer overflow, or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard...

Apache HTTP Server mod_proxy Denial Of Service Vulnerability

This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Apache HTTP Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the modproxy module. The issue lies in the processing of HTTP headers...