Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities

Information

Severity

Severity

Medium

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

6.4

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

18 years ago

Modified

Modified

5 years ago

Share

Summary

The remote host appears to be running a version of Apache 2.x which is older than 2.0.50.

Insight

Insight

There is denial of service in apache httpd 2.0.x by sending a specially crafted HTTP request. It is possible to consume arbitrary amount of memory. On 64 bit systems with more than 4GB virtual memory this may lead to heap based buffer overflow. There is also a denial of service vulnerability in mod_ssl's ssl_io_filter_cleanup function. By sending a request to vulnerable server over SSL and closing the connection before the server can send a response, an attacker can cause a memory violation that crashes the server.

Solution

Solution

Upgrade to Apache/2.0.50 or newer

Common Vulnerabilities and Exposures (CVE)

References