DELETED WEB-MISC Apache http server mod_proxy http request crafted date handling denial of service attempt
The date handling code in modules/proxy/proxyutil.c (modproxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
CVSS base score 5.0
CVSS impact score 2.9
CVSS exploitability score 10.0
Ease of attack
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
- Talos research team.
- This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
- For more information see nvd.