Sid 1-13311

DELETED

Message

DELETED WEB-MISC Apache http server mod_proxy http response crafted date handling denial of service attempt

Summary

The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.

Impact

  • CVSS base score: 5.0
  • CVSS impact score: 2.9
  • CVSS exploitability score: 10.0
  • confidentialityImpact: NONE
  • integrityImpact: NONE
  • availabilityImpact: NONE

Detailed information

Affected systems

  • apache http_server 2.3.0

Ease of attack

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information see NVD.

Additional References

  • httpd.apache.org/security/vulnerabilities_20.html