Summary
The host is running Apache HTTP Server and is prone to a denial of service vulnerability.
Impact
Successful exploitation could allow remote attackers to cause a denial of service condition via an expensive request.
Impact Level: Application
Solution
Apply the patch or upgrade to Apache HTTP Server 2.2.22 or later. For updates, refer to http://svn.apache.org/viewvc?view=revision&revision=1227298
*****
NOTE: Ignore this warning if the above-mentioned patch has been applied manually.
*****
Insight
The flaw is due to an error in the mod_proxy_ajp module, which places a worker node into an error state upon detection of a long request-processing time.
Affected
Apache HTTP Server version 2.2.12 through 2.2.21
References
Severity
Classification
- CVE: CVE-2012-4557
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P