Apache HTTP Server mod_proxy Denial Of Service Vulnerability

2014-07-18T00:00:00
ID ZDI-14-239
Type zdi
Reporter AKAT-1 22733db72ab3ed94b5f8a1ffcde850251fe6f466 Marek Kroemeke
Modified 2014-11-09T00:00:00

Description

This vulnerability allows remote attackers to cause a denial of service condition on vulnerable installations of Apache HTTP Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the mod_proxy module. The issue lies in the processing of HTTP headers when an invalid request is made. An attacker can leverage this flaw to crash a remote instance of Apache HTTP server.