Rule Category

SERVER-APACHE -- Snort has detected traffic exploiting vulnerabilities in Apache servers.

Alert Message

SERVER-APACHE Apache mod_rpaf X-Forwarded-For header denial of service attempt

Rule Explanation

The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request. Impact: CVSS base score 5.0 CVSS impact score 2.9 CVSS exploitability score 10.0 confidentialityImpact NONE integrityImpact NONE availabilityImpact NONE Details: Ease of Attack:

What To Look For

The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request..

Known Usage

No public information

False Positives

No known false positives

Contributors

Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].

Rule Groups

No rule groups

CVE

Rule Vulnerability

Denial of Service

Denial of Service attacks aim to make a server or program unresponsive for users. These attacks may be volume-based, to overwhelm the system, or they may use certain logical flaws in the software to cut the service off from the users. The attack may come from one or multiple sources. These attacks do not usually lead to a remote code execution. Volume based attacks are best handled using a firewall application.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2012-3526
Loading description

MITRE ATT&CK Framework

Tactic: Impact

Technique: Endpoint Denial of Service

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org