Apache Httpd < None: mod_proxy_ajp DoS

2010-02-02T00:00:00
ID HTTPD:AA72D9B6F58E19B881EF05A5456DBC50
Type httpd
Reporter We would like to thank Niku Toivola of Sulake Corporation for reporting and proposing a patch fix for this issue.
Modified 2010-03-02T00:00:00

Description

mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service.