Intrusion Prevention

Apache.mod_cache.DoS

Description

This indicates an attack attempt to exploit a Denial of Service vulnerability in Apache HTTP Server.
The issue is caused by an error in the vulnerable software when handling a malicious HTTP request where the "s-maxage" or "min-fresh" Cache Control headers do not have a value. It may allow remote attackers to crash vulnerable systems by sending a crafted HTTP request.

Affected Products

Apache Software Foundation Apache 2.2.4 and earlier.

Impact

System Compromise: Remote attackers can crash vulnerable systems.

Recommended Actions

Refer to the vendor's web site for a suggested workaround.
http://httpd.apache.org/security/vulnerabilities_13.html

CVE References

CVE-2007-1863