Apache mod_jk < 1.2.1 Chunked Encoding DoS

high Nessus Network Monitor Plugin ID 1510

Synopsis

The remote server is running a web server that is affected by a denial-of-service vulnerability.

Description

The remote Apache server is running a version of mod_jk that is vulnerable in the way it processes requests that use chunked transfer encoding. This may allow an attacker to desynchronise Apache and Tomcat, which would prevent this host from running properly.

Solution

Upgrade to mod_jk 1.2.1 or higher.

See Also

http://archives.neohapsis.com/archives/bugtraq/2002-12/0045.html

Plugin Details

Severity: High

ID: 1510

Family: Web Servers

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 11519

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:apache:http_server

Reference Information

CVE: CVE-2002-2272

BID: 6320