Apache Team FoundationHTTPD:89FD39DC3FD86540AE629A64C17F3F54Apache Httpd < 2.0.51 : Malicious SSL proxy can cause crash
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.057 Low
EPSS
Percentile
93.3%
An issue was discovered in the mod_ssl module in Apache 2.0.44-2.0.50 which could be triggered if the server is configured to allow proxying to a remote SSL server. A malicious remote SSL server could force an httpd child process to crash by sending a carefully crafted response header. This issue is not believed to allow execution of arbitrary code and will only result in a denial of service where a threaded process model is in use.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache httpd | eq | 2.0.50 | |
| apache httpd | eq | 2.0.49 | |
| apache httpd | eq | 2.0.48 | |
| apache httpd | eq | 2.0.47 | |
| apache httpd | eq | 2.0.46 | |
| apache httpd | eq | 2.0.45 | |
| apache httpd | eq | 2.0.44 |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.057 Low
EPSS
Percentile
93.3%