Apache Httpd < 2.0.61: mod_proxy crash

2006-12-10T00:00:00
ID HTTPD:E70448558565C41C8B5E18BEFF066AAF
Type httpd
Reporter Apache Team Foundation
Modified 2007-09-07T00:00:00

Description

A flaw was found in the Apache HTTP Server mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module.