Apache < 2.0.50 Input Header Folding and mod_ssl DoS

Medium

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running a version of the Apache web server earlier than 2.0.50. This version is vulnerable to two (2) remote Denial of Service (DoS) attacks. The first issue stems from a failure to properly manage memory and could lead to the consumption of massive amounts of memory and, allegedly, a potential heap overflow. The second issue stems from mod_ssl's inability to handle sessions that terminate before any bytes of data have been sent. This second flaw results in a memory violation that leads to a loss of availability for valid users.

Solution

Upgrade to Apache 2.0.50 or higher.