LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Kernel prepatch 3.9-rc6

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

apache2: denial of service

Package(s):apache2 CVE #(s):CVE-2012-4557
Created:November 30, 2012 Updated:December 5, 2012
Description:

From the Debian advisory:

A flaw was found when mod_proxy_ajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service.

Alerts:
Debian DSA-2579-1 2012-11-30
openSUSE openSUSE-SU-2013:0243-1 2013-02-05
openSUSE openSUSE-SU-2013:0248-1 2013-02-05
Red Hat RHSA-2013:0512-02 2013-02-21
Oracle ELSA-2013-0512 2013-02-25
Scientific Linux SL-http-20130228 2013-02-28
CentOS CESA-2013:0512 2013-03-09
Ubuntu USN-1765-1 2013-03-18
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds