Lucene search

K
httpdApache Team FoundationHTTPD:2E324CC4C6C61757E316E26EF4DCB945
HistoryMay 04, 2010 - 12:00 a.m.

Apache Httpd < 2.2.16 : mod_cache and mod_dav DoS

2010-05-0400:00:00
Apache Team Foundation
httpd.apache.org
14

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.23 Low

EPSS

Percentile

96.6%

A flaw was found in the handling of requests by mod_cache (2.2) and mod_dav (2.0 and 2.2). A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated as mod_dav is only affected by requests that are most likely to be authenticated, and mod_cache is only affected if the uncommon “CacheIgnoreURLSessionIdentifiers” directive, introduced in version 2.2.14, is used.

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.23 Low

EPSS

Percentile

96.6%