Lucene search

K
httpdApache Team FoundationHTTPD:2CFBCF43507D5A77B05B49EE4D573583
HistorySep 07, 2011 - 12:00 a.m.

Apache Httpd < 2.2.21 : mod_proxy_ajp remote DoS

2011-09-0700:00:00
Apache Team Foundation
httpd.apache.org
18

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.248 Low

EPSS

Percentile

96.7%

A flaw was found when mod_proxy_ajp is used together with mod_proxy_balancer. Given a specific configuration, a remote attacker could send certain malformed HTTP requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service.

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.248 Low

EPSS

Percentile

96.7%