Apache 2.2 < 2.2.20 Multiple Vulnerabilities

High

Synopsis

The remote web server is vulnerable to a denial of service attack.

Description

Versions of Apache 2.2 earlier than 2.2.20 are potentially affected by a denial of service vulnerability. Making a series of HTTP requests with overlapping ranges in the Range or Request-Range request headers can result in memory and CPU exhaustion. A remote, unauthenticated attacker could exploit this flaw to make the system unresponsive.
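A defensive check for the request pattern described above, as an added example that is not part of the original advisory or of Apache's code: it parses the Range and Request-Range headers and flags requests that carry many overlapping byte ranges. The function names, the `MAX_RANGES` threshold and the sample requests are assumptions made for illustration.

```python
import re

MAX_RANGES = 5  # assumed alert threshold for this example; tune to your traffic
_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_ranges(value):
    """Parse 'bytes=a-b,c-,-n' into (first, last) tuples; None if malformed."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    out = []
    for spec in specs.split(","):
        m = _SPEC.match(spec)
        if not m or not (m.group(1) or m.group(2)):
            return None
        first, last = m.group(1), m.group(2)
        if not first:                      # suffix form "-n": the last n bytes
            out.append((None, int(last)))
        else:                              # "a-b" or open-ended "a-"
            out.append((int(first), int(last) if last else None))
    return out

def count_overlaps(ranges):
    """Count ranges starting inside bytes already covered by another range.
    Suffix ranges are skipped: resolving them needs the resource length."""
    spans = sorted((s, float("inf") if e is None else e)
                   for s, e in ranges if s is not None)
    overlaps, reach = 0, -1
    for start, end in spans:
        if start <= reach:
            overlaps += 1
        reach = max(reach, end)
    return overlaps

def is_suspicious(headers):
    """Flag a request whose Range/Request-Range has many overlapping ranges."""
    for name, value in headers.items():
        if name.lower() in ("range", "request-range"):
            ranges = parse_ranges(value)
            if ranges and len(ranges) > MAX_RANGES and count_overlaps(ranges):
                return True
    return False

SAMPLES = [  # constructed sample requests, not captured traffic
    {"Host": "example.test", "Range": "bytes=0-499"},
    {"Host": "example.test", "Range": "bytes=0-99,200-299"},
    {"Host": "example.test", "Request-Range": "bytes=0-,0-1,0-2,0-3,0-4,0-5"},
]
FLAGGED = [is_suspicious(h) for h in SAMPLES]
```

Ordinary single-range and non-overlapping multi-range requests pass; only the third constructed request, with six ranges that all start at byte 0, is flagged.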

Solution

Upgrade to Apache version 2.2.20 or later, or use one of the workarounds in Apache's advisories for CVE-2011-3192.