Lucene search

K
httpdApache Team FoundationHTTPD:C7877AFCB6DEB5CFB770011B4B04435D
HistoryMay 04, 2010 - 12:00 a.m.

Apache Httpd < 2.0.64 : mod_cache and mod_dav DoS

2010-05-0400:00:00
Apache Team Foundation
httpd.apache.org
6

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.23 Low

EPSS

Percentile

96.6%

A flaw was found in the handling of requests by mod_cache (2.2) and mod_dav (2.0 and 2.2). A malicious remote attacker could send a carefully crafted request and cause a httpd child process to crash. This crash would only be a denial of service if using the worker MPM. This issue is further mitigated as mod_dav is only affected by requests that are most likely to be authenticated, and mod_cache is only affected if the uncommon “CacheIgnoreURLSessionIdentifiers” directive, introduced in version 2.2.14, is used.

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.23 Low

EPSS

Percentile

96.6%