Vulnerability identifier: #VU10953
Vulnerability risk: Low
Exploitation vector: Local network
Exploit availability: No
Vendor: Apache Foundation
The vulnerability allows an adjacent unauthenticated attacker to cause DoS condition on the target system.
The weakness exists in the mod_cluster module due to improper input validation by the protocol parsing logic in the mod_cluster module. An adjacent attacker can send a specially crafted request, trigger a segmentation fault in the serving httpdprocess and cause the service to crash.
Update to version 2.4.23.
Vulnerable software versions
Apache HTTP Server: 18.104.22.168 - 2.4.22
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?