DSA-2035 apache2 -- multiple issuesID: oval:org.mitre.oval:def:7161 | Date: (C)2010-05-24 (M)2024-02-19 |
Class: PATCH | Family: unix |
Two issues have been found in the Apache HTTPD web server: mod_proxy_ajp would return the wrong status code if it encountered an error, causing a backend server to be put into an error state until the retry timeout expired. A remote attacker could send malicious requests to trigger this issue, resulting in denial of service. A flaw in the core subrequest process code was found, which could lead to a daemon crash or disclosure of sensitive information if the headers of a subrequest were modified by modules such as mod_headers.