Intrusion Prevention



This indicates an attack attempt to exploit a Denial of Service vulnerability in Apache HTTP Server.
The issue is caused by an error in the vulnerable software when handling a malicious HTTP request where the "s-maxage" or "min-fresh" Cache Control headers do not have a value. It may allow remote attackers to crash vulnerable systems by sending a crafted HTTP request.

Affected Products

Apache Software Foundation Apache 2.2.4 and earlier.


System Compromise: Remote attackers can crash vulnerable systems.

Recommended Actions

Refer to the vendor's web site for a suggested workaround.

CVE References