icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Apache 2.2 < 2.2.21 mod_proxy_ajp DoS

High

Synopsis

The remote web server is vulnerable to a denial of service attack.

Description

Versions of Apache 2.2 earlier than 2.2.21 are potentially affected by a denial of service vulnerability. An error exists in the mod_proxy_ajp module that can allow specially crafted HTTP requests to cause a backend server to temporarily enter an error state. This vulnerability only occurs when mod_proxy_ajp is used along with mod_proxy_balancer.

Solution

Upgrade to Apache version 2.2.21 or later.