The am_read_post_data function in mod_auth_mellon prior to 0.11.1 does not limit the amount of data read, which allows remote malicious users to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.
| Vulnerable Product |
|---|
| fedoraproject fedora 23 |
| uninett mod auth mellon |
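An added example, not mod_auth_mellon's code or its actual fix: one way to bound a request-body read so that oversized POST data is refused, whether the size is declared up front or only shows up as the bytes arrive. The names `read_body_bounded`, `body_read_fn`, `mem_read` and `try_body` are hypothetical, and the callback stands in for the web server's own body-read call.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical body source standing in for the server's request-body read
   call: returns bytes copied, 0 at end of body, negative on error. */
typedef long (*body_read_fn)(void *ctx, char *buf, size_t cap);
enum { BODY_OK = 0, BODY_TOO_LARGE = -1, BODY_IO_ERROR = -2, BODY_NO_MEM = -3 };

/* Read a whole body, refusing more than max_len bytes. declared_len is the
   Content-Length value, or -1 when the client sent none (chunked). */
int read_body_bounded(body_read_fn rd, void *ctx, long declared_len,
                      size_t max_len, char **out, size_t *out_len)
{
    char chunk[256], *data = NULL, *p;
    size_t used = 0, cap = 0; long n;

    *out = NULL; *out_len = 0;
    if (declared_len >= 0 && (size_t)declared_len > max_len)
        return BODY_TOO_LARGE;            /* reject before reading anything */
    while ((n = rd(ctx, chunk, sizeof chunk)) > 0) {
        /* Cap bytes actually received: declared length may be absent or wrong. */
        if ((size_t)n > max_len - used) { free(data); return BODY_TOO_LARGE; }
        if (used + (size_t)n + 1 > cap) {  /* +1 leaves room for the NUL */
            cap = cap ? cap * 2 : 512;
            if (!(p = realloc(data, cap))) { free(data); return BODY_NO_MEM; }
            data = p;
        }
        memcpy(data + used, chunk, (size_t)n);
        used += (size_t)n;
    }
    if (n < 0) { free(data); return BODY_IO_ERROR; }
    if (!data && !(data = malloc(1))) return BODY_NO_MEM;
    data[used] = '\0';
    *out = data; *out_len = used;
    return BODY_OK;
}

/* Constructed in-memory source: yields *ctx bytes of 'A'. */
static long mem_read(void *ctx, char *buf, size_t cap)
{
    size_t *left = ctx, n = *left < cap ? *left : cap;
    memset(buf, 'A', n); *left -= n;
    return (long)n;
}

/* Status for a constructed body of body_len bytes. */
int try_body(size_t body_len, long declared_len, size_t max_len)
{
    char *body; size_t len;
    int rc = read_body_bounded(mem_read, &body_len, declared_len, max_len, &body, &len);
    free(body);
    return rc;
}
```

The limit is checked twice on purpose: the declared length lets the server refuse early, while the running count covers chunked bodies and clients whose declared length understates what they send.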