Apache Httpd < 2.2.21: mod_proxy_ajp remote DoS

ID HTTPD:B67B5D5222FD4766C0D1088D7DFA1DB3
Type httpd
Reporter Apache Team Foundation
Modified 2011-09-14T00:00:00


A flaw was found when mod_proxy_ajp is used together with mod_proxy_balancer. Given a specific configuration, a remote attacker could send certain malformed HTTP requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service.