CVE-2014-3523
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.3523 (35.2%)
Percentile: 97.1%
EPSS: 2026-05-06
Affects
apache:http_servermicrosoft:windowsTechnical description
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
Published: 7/20/2014, 11:12:50 AM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://httpd.apache.org/security/vulnerabilities_24.html
- http://marc.info/?l=bugtraq&m=143748090628601&w=2
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c
- http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c?r1=1608785&r2=1610652&diff_format=h
- http://www.securityfocus.com/bid/68747
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E