Signature Detail

HTTP: Apache HTTPD mod_proxy_ajp Denial Of Service

This signature detects attempts to exploit a known vulnerability against Apache HTTPD. A successful attack can result in a denial-of-service condition.

Extended Description

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.

Affected Products

• apache http_server 0.8.11
• apache http_server 0.8.14
• apache http_server 1.0
• apache http_server 1.0.2
• apache http_server 1.0.3
• apache http_server 1.0.5
• apache http_server 1.1
• apache http_server 1.1.1
• apache http_server 1.2
• apache http_server 1.2.4
• apache http_server 1.2.5
• apache http_server 1.2.6
• apache http_server 1.2.9
• apache http_server 1.3
• apache http_server 1.3.0
• apache http_server 1.3.1
• apache http_server 1.3.10
• apache http_server 1.3.11
• apache http_server 1.3.1.1
• apache http_server 1.3.12
• apache http_server 1.3.13
• apache http_server 1.3.14
• apache http_server 1.3.15
• apache http_server 1.3.16
• apache http_server 1.3.17
• apache http_server 1.3.18
• apache http_server 1.3.19
• apache http_server 1.3.2
• apache http_server 1.3.20
• apache http_server 1.3.22
• apache http_server 1.3.23
• apache http_server 1.3.24
• apache http_server 1.3.25
• apache http_server 1.3.26
• apache http_server 1.3.27
• apache http_server 1.3.28
• apache http_server 1.3.29
• apache http_server 1.3.3
• apache http_server 1.3.30
• apache http_server 1.3.31
• apache http_server 1.3.32
• apache http_server 1.3.33
• apache http_server 1.3.34
• apache http_server 1.3.35
• apache http_server 1.3.36
• apache http_server 1.3.37
• apache http_server 1.3.38
• apache http_server 1.3.39
• apache http_server 1.3.4
• apache http_server 1.3.41
• apache http_server 1.3.42
• apache http_server 1.3.5
• apache http_server 1.3.6
• apache http_server 1.3.65
• apache http_server 1.3.68
• apache http_server 1.3.7
• apache http_server 1.3.8
• apache http_server 1.3.9
• apache http_server 1.4.0
• apache http_server 1.99
• apache http_server 2.0
• apache http_server 2.0.28 (beta)
• apache http_server 2.0.32 (beta)
• apache http_server 2.0.34 (beta)
• apache http_server 2.0.35
• apache http_server 2.0.36
• apache http_server 2.0.37
• apache http_server 2.0.38
• apache http_server 2.0.39
• apache http_server 2.0.40
• apache http_server 2.0.41
• apache http_server 2.0.42
• apache http_server 2.0.43
• apache http_server 2.0.44
• apache http_server 2.0.45
• apache http_server 2.0.46
• apache http_server 2.0.47
• apache http_server 2.0.48
• apache http_server 2.0.49
• apache http_server 2.0.50
• apache http_server 2.0.51
• apache http_server 2.0.52
• apache http_server 2.0.53
• apache http_server 2.0.54
• apache http_server 2.0.55
• apache http_server 2.0.56
• apache http_server 2.0.57
• apache http_server 2.0.58
• apache http_server 2.0.59
• apache http_server 2.0.60
• apache http_server 2.0.61
• apache http_server 2.0.63
• apache http_server 2.0.9
• apache http_server 2.1
• apache http_server 2.1.1
• apache http_server 2.1.2
• apache http_server 2.1.3
• apache http_server 2.1.4
• apache http_server 2.1.5
• apache http_server 2.1.6
• apache http_server 2.1.7
• apache http_server 2.1.8
• apache http_server 2.1.9
• apache http_server 2.2
• apache http_server 2.2.0
• apache http_server 2.2.1
• apache http_server 2.2.10
• apache http_server 2.2.11
• apache http_server 2.2.12
• apache http_server 2.2.13
• apache http_server 2.2.14
• apache http_server 2.2.15
• apache http_server 2.2.16
• apache http_server 2.2.17
• apache http_server 2.2.18
• apache http_server 2.2.2
• apache http_server 2.2.3
• apache http_server 2.2.4
• apache http_server 2.2.6
• apache http_server 2.2.8
• apache http_server 2.2.9
• apache http_server up to 2.2.20

References

• BugTraq: 49616
• CVE: CVE-2011-3348