Teguh P. Alko

#49208 of 53,635
5 Total CVSS
Vulnerabilities · 1
PT-2014-5405
5.0
2014-11-12
Apache · Apache Http Server · CVE-2014-3583
**Name of the Vulnerable Software and Affected Versions**

Apache HTTP Server version 2.4.10

**Description**

The issue allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers. The cause is an out-of-bounds memory read in the mod_proxy_fcgi module. A malicious FastCGI server could send a carefully crafted response that makes the module read past the end of a heap or stack buffer, crashing the daemon.

**Recommendations**

For Apache HTTP Server version 2.4.10, consider disabling the handle_headers function in the mod_proxy_fcgi module as a temporary workaround until a patch is available. Restrict access to the mod_proxy_fcgi module to minimize the risk of exploitation.