CVE-2014-3523
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.3523 (35.2%)
Percentil: 97.1%
EPSS: 2026-05-06
Afecta
apache:http_servermicrosoft:windowsDescripción técnica
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted requests.
Publicada: 20/7/2014, 11:12:50
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://httpd.apache.org/security/vulnerabilities_24.html
- http://marc.info/?l=bugtraq&m=143748090628601&w=2
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
- http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c
- http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm/winnt/child.c?r1=1608785&r2=1610652&diff_format=h
- http://www.securityfocus.com/bid/68747
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E