mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 2.0.35 (including) | 2.0.51 (excluding) |
Red Hat Enterprise Linux 3 | RedHat | httpd-0:2.0.46-38.ent | * |
Apache2 | Ubuntu | dapper | * |
Apache2 | Ubuntu | devel | * |
Apache2 | Ubuntu | edgy | * |
Apache2 | Ubuntu | feisty | * |