Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:24732
HistoryApr 10, 2020 - 1:03 a.m.

Denial Of Service (DoS)

2020-04-1001:03:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.248 Low

EPSS

Percentile

96.7%

httpd is vulnerable to denial of service (DoS). The vulnerability exists as it was discovered that mod_proxy_ajp incorrectly returned an “Internal Server Error” response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed.

CPENameOperatorVersion
httpdeq2.2.15__5.el6
httpdeq2.2.15__5.el6

References

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.248 Low

EPSS

Percentile

96.7%