The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Http_server | Apache | 2.2.12 (including) | 2.2.12 (including) |
Http_server | Apache | 2.2.13 (including) | 2.2.13 (including) |
Http_server | Apache | 2.2.14 (including) | 2.2.14 (including) |
Http_server | Apache | 2.2.15 (including) | 2.2.15 (including) |
Http_server | Apache | 2.2.16 (including) | 2.2.16 (including) |
Http_server | Apache | 2.2.17 (including) | 2.2.17 (including) |
Http_server | Apache | 2.2.18 (including) | 2.2.18 (including) |
Http_server | Apache | 2.2.19 (including) | 2.2.19 (including) |
Http_server | Apache | 2.2.20 (including) | 2.2.20 (including) |
Http_server | Apache | 2.2.21 (including) | 2.2.21 (including) |