Some vulnerabilities have been reported in Apache HTTP Server, which can be exploited by malicious people to gain access to potentially sensitive information, cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

1) The "ap_proxy_ajp_request()" function in modules/proxy/mod_proxy_ajp.c of the mod_proxy_ajp module returns the "HTTP_INTERNAL_SERVER_ERROR" error code when processing certain malformed requests. This can be exploited to put the backend server into an error state until the retry timeout expired by sending specially crafted requests.

2) The mod_isapi module unloads ISAPI modules before the request processing is complete, potentially leaving orphaned callback pointers behind. This can be exploited by sending a specially crafted request followed by a reset packet.

Successful exploitation may allow the execution of arbitrary code with SYSTEM privileges on Windows systems.

3) An error exists within the header handling when processing subrequests, which can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded Multi-Processing Module (MPM) is used.

Vulnerabilities #1 and #3 are reported in version 2.2.0, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.8, 2.2.9, 2.2.11, 2.2.12, 2.2.13, and 2.2.14.

Solution
Update to version 2.2.15.

Provided and/or discovered by
1) The vendor credits Niku Toivola of Sulake Corporation.
2) Brett Gervasoni, SOS Labs.
3) Reported in a bug report by Philip Pickett

Changelog
Further details available in Customer Area

Original Advisory
Apache:
http://httpd.apache.org/security/vulnerabilities_22.html
http://svn.apache.org/viewvc?view=revision&revision=917875
http://svn.apache.org/viewvc?view=revision&revision=917870
https://issues.apache.org/bugzilla/show_bug.cgi?id=48359

SOS Labs:
2) http://www.senseofsecurity.com.au/advisories/SOS-10-002

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area