CVE-2012-4557

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.

🔗 References (46)

• secalert@redhathttp://httpd.apache.org/security/vulnerabilities_22.html#2.2.22
• secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
• secalert@redhathttp://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
• secalert@redhathttp://marc.info/?l=bugtraq&m=136612293908376&w=2
• secalert@redhathttp://svn.apache.org/viewvc?view=revision&revision=1227298
• secalert@redhathttp://www.debian.org/security/2012/dsa-2579
• secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=871685
• secalert@redhathttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
• secalert@redhathttps://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
• secalert@redhathttps://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E
• secalert@redhathttps://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
• secalert@redhathttps://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
• secalert@redhathttps://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
• secalert@redhathttps://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E
• secalert@redhathttps://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E