Apache mod_jk < 1.2.1 Chunked Encoding DoS

High Nessus Network Monitor Plugin ID 1510

Synopsis

The remote server is running a web server that is affected by a denial-of-service vulnerability.

Description

The remote Apache server is running a version of mod_jk that is vulnerable in the way it processes chunked-encoded requests. This may allow an attacker to desynchronise Apache and Tomcat, which would prevent this host from running properly.

Solution

Upgrade to mod_jk 1.2.1 or higher.

See Also

http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html

Plugin Details

Severity: High

ID: 1510

File Name: 1510.prm

Family: Web Servers

Published: 2004/08/18

Modified: 2016/02/05

Dependencies: 3057

Nessus ID: 11519

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSSv3

Base Score: 7.5

Temporal Score: 6.9

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:apache:http_server

Reference Information

CVE: CVE-2002-2272

BID: 6320

OSVDB: 34398, 7394