A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the "DEFLATE" input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | httpd | 2014-07-31 13:54 | ALAS-2014-388 |
Amazon Linux 1 | httpd24 | 2014-07-31 13:56 | ALAS-2014-389 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
NVD | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:N/A:P |