A vulnerability has been reported in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by an error in the processing of malformed HTTP requests in mod_proxy_ajp when it is used in combination with mod_proxy_balancer. This can be exploited to put a backend server into an error state by sending specially crafted HTTP requests, resulting in a temporary DoS until the retry timeout expires.
The vulnerability is reported in versions 2.2.12, 2.2.13, 2.2.14, 2.2.15, 2.2.16, 2.2.17, 2.2.18, 2.2.19, and 2.2.20.
Solution: Update to version 2.2.21.
Provided and/or discovered by: Reported by the vendor.
Original Advisory: http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21
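The following exposure check is an added example, not part of the original advisory or of the Apache project. It flags a host only when the version falls in the reported range 2.2.12 to 2.2.20 and both modules named above are loaded. The function names and sample inputs are constructed; the parsing assumes the usual `httpd -v` and `httpd -M` output formats.

```shell
#!/bin/sh
# Added example: exposure check for the mod_proxy_ajp DoS described above.

# Extract "2.2.17" from a banner such as "Server version: Apache/2.2.17 (Unix)".
parse_httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Return 0 when the version is in the advisory's affected range 2.2.12-2.2.20.
is_affected_version() {
    case "$1" in
        2.2.*) patch=${1#2.2.} ;;
        *) return 1 ;;
    esac
    case "$patch" in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric patch levels
    esac
    [ "$patch" -ge 12 ] && [ "$patch" -le 20 ]
}

# Return 0 only when BOTH modules named in the advisory are in the module list.
both_modules_loaded() {
    printf '%s\n' "$1" | grep -q 'proxy_ajp_module' || return 1
    printf '%s\n' "$1" | grep -q 'proxy_balancer_module'
}

# Print AFFECTED, NOT_AFFECTED or UNKNOWN for a version banner and module list.
assess_exposure() {
    version=$(parse_httpd_version "$1")
    [ -n "$version" ] || { echo UNKNOWN; return 0; }
    if is_affected_version "$version" && both_modules_loaded "$2"; then
        echo AFFECTED
    else
        echo NOT_AFFECTED
    fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_BANNER='Server version: Apache/2.2.17 (Unix)'
SAMPLE_MODULES=' proxy_module (shared)
 proxy_ajp_module (shared)
 proxy_balancer_module (shared)'

# On a live host: assess_exposure "$(httpd -v)" "$(httpd -M 2>&1)"
assess_exposure "$SAMPLE_BANNER" "$SAMPLE_MODULES"
```

Distribution packages often backport fixes without changing the upstream version number, so an AFFECTED result on a vendor build should be confirmed against the vendor's changelog.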
Subject: Apache HTTP Server mod_proxy_ajp Denial of Service Vulnerability