Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
The remote host appears to be running a version of Apache 2.x which is older than 2.0.50.
Insight
There is a denial-of-service vulnerability in Apache httpd 2.0.x that can be triggered by sending a specially crafted HTTP request, which makes it possible to consume an arbitrary amount of memory. On 64-bit systems with more than 4GB of virtual memory, this may lead to a heap-based buffer overflow. There is also a denial-of-service vulnerability in mod_ssl's ssl_io_filter_cleanup function. By sending a request to a vulnerable server over SSL and closing the connection before the server can send a response, an attacker can cause a memory violation that crashes the server.
Solution
Upgrade to Apache/2.0.50 or newer