mod_jk Chunked Encoding DoS (deprecated)

High Nessus Network Monitor Plugin ID 1571

Synopsis

The remote host is using a version of the Apache mod_jk module that is older than 1.2.1.

Description

The remote host is using a version of the Apache mod_jk module that is older than 1.2.1. A bug in this version may allow an attacker to use chunked encoding requests to desynchronize Apache and Tomcat, and thereby prevent this host from working properly.

Solution

Upgrade to mod_jk 1.2.1 or higher.

See Also

http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html

Plugin Details

Severity: High

ID: 1571

Family: Web Servers

Published: 2004/08/20

Modified: 2015/06/01

Dependencies: 3057

Nessus ID: 11519

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Reference Information

CVE: CVE-2002-2272

BID: 6320