CVE-2011-3348

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.2.21

Description The issue arises when the mod proxy ajp module is used in conjunction with mod proxy balancer in specific configurations, allowing remote attackers to cause a temporary denial of service in the backend server. This can be achieved by sending certain malformed HTTP requests, which puts the backend server into an error state until the retry timeout expires.

Recommendations For Apache HTTP Server versions prior to 2.2.21, update to version 2.2.21 or later to resolve the issue. As a temporary workaround, consider restricting the use of the mod proxy ajp module when used with mod proxy balancer to minimize the risk of exploitation.