CVE-2010-0408
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
Affected products
n/a · n/a
References
http://httpd.apache.org/security/vulnerabilities_22.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://marc.info/?l=bugtraq&m=127557640302499&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=569905
http://secunia.com/advisories/39100
http://secunia.com/advisories/39501
http://secunia.com/advisories/39628
http://secunia.com/advisories/39632
http://secunia.com/advisories/39656