SynopsisThe remote web server is vulnerable to multiple attack vectors.
DescriptionVersions of Apache 2.2 earlier than 2.2.17 are potentially affected by multiple vulnerabilities :
- Errors exist in the bundled expat library that may allow an attacker to crash the server when a buffer is over-read when parsing an XML document. (CVE-2009-3720 and CVE-2009-3560)
- An error exists in the 'apr_brigade_split_line' function in the bundled APR-util library. Carefully timed bytes in requests result in gradual memory increases leading to a denial of service. (CVE-2010-1623)
IAVA Reference : 2012-A-0020
STIG Finding Severity : Category I
SolutionEither ensure the affected module is not in use or upgrade to Apache version 2.2.17 or later.