Описание
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
Отчет
This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4 and 5 as this flaw was introduced in version 2.2.12.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | httpd | Not affected | ||
| Red Hat Enterprise Linux 5 | httpd | Not affected | ||
| Red Hat Enterprise Linux 6 | httpd | Fixed | RHSA-2011:1391 | 20.10.2011 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 5 | httpd | Fixed | RHSA-2012:0542 | 07.05.2012 |
| Red Hat JBoss Enterprise Web Server 1 for RHEL 6 | httpd | Fixed | RHSA-2012:0542 | 07.05.2012 |
| Red Hat JBoss Web Server 1.0 | Fixed | RHSA-2012:0543 | 07.05.2012 |
Показывать по
Дополнительная информация
Статус:
5 Medium
CVSS2
Связанные уязвимости
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when ...
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
ELSA-2011-1391: httpd security and bug fix update (MODERATE)
5 Medium
CVSS2