CVE-2010-0408

Priority
Description
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in
the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain
situations in which a client sends no request body, which allows remote
attackers to cause a denial of service (backend server outage) via a
crafted request, related to use of a 500 error code instead of the
appropriate 400 error code.
Notes
 mdeslaur> Apache 2.0 doesn't have mod_proxy_ajp
Package
Upstream:released (2.2.15)
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=917876
More Information

Updated: 2019-03-19 11:52:23 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)