CVE-2005-2728

Name of the Vulnerable Software and Affected Versions Apache versions prior to 2.0.54

Description The issue allows remote attackers to cause a denial of service due to memory consumption. This can be achieved via an HTTP header with a large Range field. A flaw in the byte-range filter causes some responses to be buffered into memory. If a server has a dynamic resource, such as a CGI script or PHP script, which generates a large amount of data, an attacker could send carefully crafted requests to consume resources, potentially leading to a Denial of Service.

Recommendations For Apache versions prior to 2.0.54, update to version 2.0.54 or later to resolve the issue. As a temporary workaround, consider restricting access to dynamic resources such as CGI scripts or PHP scripts to minimize the risk of exploitation. Avoid using large Range fields in HTTP headers until the issue is resolved.