Security Apache 2.2 & 2.4

On July 14, 2014, several security flaws affecting servers running Apache2 were published. These flaws were announced in a DSA (Debian Security Advisory).

What do they allow?

These flaws allow three different types of denial of service:

  • CVE-2014-0118 for mod_deflate: allows denial of service through a forged request that decompresses to a much larger size,
  • CVE-2014-0226 for mod_status: allows denial of service by sending a forged request to a public status page,
  • CVE-2014-0231 for mod_cgid: allows denial of service for CGI scripts that do not use standard input.

Since when does it exist?

Here is the impact of each flaw, along with the key dates:

  1. CVE-2014-0118:
    • Impact: 2.4.1 to 2.4.4 and 2.4.6 to 2.4.9
    • Discovery: February 19, 2014
    • Published: 14 July 2014
  2. CVE-2014-0226:
    • Impact: 2.4.1 to 2.4.4 and 2.4.6 to 2.4.9
    • Discovery: May 30, 2014
    • Published: 14 July 2014
  3. CVE-2014-0231:
    • Impact: 2.4.1 to 2.4.4 and 2.4.6 to 2.4.9
    • Discovery: June 16, 2014
    • Published: 14 July 2014
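
To triage a host against the list above, the following added example (not part of the original advisory) reports a CVE only when the upstream version falls in the ranges listed here and the corresponding module is loaded. The function names and the sample outputs are constructed for illustration. Distributions may backport a fix without changing the upstream version number, so a hit means "check the package changelog", not "confirmed vulnerable".

```sh
#!/bin/sh
# Added example: version ranges are the ones listed on this page.
# Function names are hypothetical; sample data below is constructed.

# Return 0 if an upstream version (e.g. 2.4.7) is in 2.4.1-2.4.4 or 2.4.6-2.4.9.
version_affected() {
    IFS=. read -r major minor patch <<EOF
$1
EOF
    patch=${patch%%[!0-9]*}              # drop suffixes such as "-dev"
    [ "$major" = 2 ] && [ "$minor" = 4 ] || return 1
    [ -n "$patch" ] || return 1
    { [ "$patch" -ge 1 ] && [ "$patch" -le 4 ]; } ||
    { [ "$patch" -ge 6 ] && [ "$patch" -le 9 ]; }
}

# Extract "2.4.7" from "Server version: Apache/2.4.7 (Ubuntu)".
parse_version() {
    printf '%s\n' "$1" | sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p'
}

# $1 = output of `apache2ctl -v`, $2 = output of `apache2ctl -M`.
# Prints one line per CVE whose module is loaded on an affected version.
exposed_cves() {
    ver=$(parse_version "$1")
    version_affected "$ver" || return 0
    for pair in deflate_module:CVE-2014-0118 \
                status_module:CVE-2014-0226 \
                cgid_module:CVE-2014-0231; do
        mod=${pair%%:*}
        case "$2" in
            *" $mod "*) printf '%s (%s loaded, version %s)\n' "${pair#*:}" "$mod" "$ver" ;;
        esac
    done
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_V='Server version: Apache/2.4.7 (Ubuntu)'
SAMPLE_M='Loaded Modules:
 core_module (static)
 deflate_module (shared)
 status_module (shared)
 mpm_event_module (shared)'

exposed_cves "$SAMPLE_V" "$SAMPLE_M"
# On a real host: exposed_cves "$(apache2ctl -v)" "$(apache2ctl -M 2>/dev/null)"
```
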

How to fix it?

Most Linux distributions have released a patch. Simply apply your updates via the package manager. More information can be found on the following links:


We remind you that it is recommended to update your applications and services regularly to guarantee their stability and security.

We also recommend setting up firewall-type protection to prevent illicit access to the server.

If you have a shared or managed service, note that our teams have already done what is necessary. Our technical support is at your disposal for any additional request.
