The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-04-15T14:00:00
Updated: 2016-04-15T13:57:01
Reserved: 2016-01-29T00:00:00
Link: CVE-2016-2146
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-04-15T14:59:12.083
Modified: 2016-04-25T13:58:22.127
Link: CVE-2016-2146
JSON object: View
Redhat Information
No data.
CWE