CVE-2012-4557

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.2.12 through 2.2.21

Description The issue allows remote attackers to cause a denial of service by placing a worker node into an error state upon detection of a long request-processing time. This can be achieved via an expensive request. A flaw was found when the mod proxy ajp module connects to a backend server that takes too long to respond, potentially leading to a temporary denial of service.

Recommendations For Apache HTTP Server versions 2.2.12 through 2.2.21, consider disabling the mod proxy ajp module as a temporary workaround until a patch is available. Restrict access to the backend server to minimize the risk of exploitation. Avoid sending expensive requests to the affected server until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.