Apache Httpd < None: mod_proxy_ajp remote DoS

2012-10-11T00:00:00
ID HTTPD:E6DE13EF125BCE02B8A64FEA449BB9AC
Type httpd
Reporter Apache Team Foundation
Modified 2012-01-04T00:00:00

Description

A flaw was found when mod_proxy_ajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service.