Apache HTTP Server Mod_proxy_ajp Process Timeout DoS Vulnerability (Windows) Network Vulnerability

Summary

The host is running Apache HTTP Server and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service condition via an expensive request. Impact Level: Application

Solution

Apply patch or upgrade Apache HTTP Server 2.2.22 or later, For updates refer to http://svn.apache.org/viewvc?view=revision&revision=1227298 ***** NOTE: Ignore this warning, if above mentioned patch is manually applied. *****

Insight

The flaw is due to an error in the mod_proxy_ajp module, which places a worker node into an error state upon detection of a long request-processing time.

Affected

Apache HTTP Server version 2.2.12 through 2.2.21

References

http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22
http://svn.apache.org/viewvc?view=revision&revision=1227298
https://bugzilla.redhat.com/show_bug.cgi?id=871685

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-4557

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Tomcat Multiple Vulnerabilities January 2010
Apache HTTP Server mod_proxy_ajp Process Timeout DoS Vulnerability (Windows)
Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
CA ARCserver D2D GWT RPC Request Multiple Vulnerabilities
IIS 5.0 Sample App reveals physical path of web root

Take action and discover your vulnerabilities