Apache · Apache Http Server · CVE-2010-0408
**Name of the Vulnerable Software and Affected Versions**
Apache HTTP Server versions 2.2.x through 2.2.14
**Description**
The issue allows remote attackers to cause a denial of service, resulting in a backend server outage. This occurs when a client sends a crafted request with no request body, causing the server to return a wrong status code. A remote attacker could exploit this by sending malicious requests, putting the backend server into an error state until the retry timeout expires.
**Recommendations**
For Apache HTTP Server versions 2.2.x through 2.2.14, update to version 2.2.15 or later to resolve the issue.