Rule Category

SERVER-APACHE -- Snort has detected traffic exploiting vulnerabilities in Apache servers.

Alert Message

SERVER-APACHE Apache mod_cache denial of service attempt

Rule Explanation

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. Impact: CVSS base score 5.0 CVSS impact score 2.9 CVSS exploitability score 10.0 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE Details: Ease of Attack:

What To Look For

This rule will alert when an attempt to exploit a denial of service condition in Apache is detected.

Known Usage

No public information

False Positives

No known false positives

Contributors

Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].

Rule Groups

No rule groups

CVE

Rule Vulnerability

Denial of Service

Denial of Service attacks aim to make a server or program unresponsive for users. These attacks may be volume-based, to overwhelm the system, or they may use certain logical flaws in the software to cut the service off from the users. The attack may come from one or multiple sources. These attacks do not usually lead to a remote code execution. Volume based attacks are best handled using a firewall application.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2007-1863
Loading description

MITRE ATT&CK Framework

Tactic: Impact

Technique: Network Denial of Service

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org