Update Protection against Apache HTTP Server mod_cache Module Denial of Service Vulnerability
| Check Point Reference: | CPAI-2008-013 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA25830 | |
| Industry Reference(s): | CVE-2007-1863 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Apache Software Foundation HTTP Server 2.2.x Apache Software Foundation HTTP Server 2.0.x | ||
| Vulnerability Description A denial of service vulnerability was reported in the mod_cache module of the Apache HTTP Server. Apache is a popular web server available for a wide variety of operating systems. The mod_cache module is one of the official plug-in modules for Apache. An attacker may exploit this vulnerability to create a denial of service condition on an affected system. |
||
|
Vulnerability Details The vulnerability is due to an error in the mod_cache module that fails to properly handle specially crafted Cache-Control headers. A remote attacker can exploit this issue by specially crafting a malicious HTTP request and sending it an affected server. Successful exploitation may create a denial of service condition on the target host. |
Protection Overview
By enabling this protection, SmartDefense will detect and block any attempt to exploit this vulnerability.
In order for the protection to be activated, update your VPN-1/InterSpect/Connectra product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.