Apache Httpd < None: mod_proxy_ajp remote DoS

2011-09-07T00:00:00
ID HTTPD:EE2D6B6755921C89B07CAD39A4FCBB1F
Type httpd
Reporter Apache Team Foundation
Modified 2011-09-14T00:00:00

Description

A flaw was found when mod_proxy_ajp is used together with mod_proxy_balancer. Given a specific configuration, a remote attacker could send certain malformed HTTP requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service.