PT-2010-3131 · Apache+2 · Apache Http Server+2
Published: 2010-07-25 · Updated: 2024-06-15 · CVE-2010-1452
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Apache HTTP Server versions 2.2.x through 2.2.15
Description
A flaw in request handling in the mod_cache and mod_dav modules allows remote attackers to cause a denial of service (process crash) via a request that lacks a path. The issue is mitigated because mod_dav is only affected by requests that are most likely to be authenticated, and mod_cache is only affected if the uncommon "CacheIgnoreURLSessionIdentifiers" directive is used.
Recommendations
For Apache HTTP Server versions 2.2.x through 2.2.15, update to version 2.2.16 or later to resolve the issue. As a temporary workaround, consider disabling the mod_cache and mod_dav modules until a patch is available. Restrict access to the affected modules to minimize the risk of exploitation. Avoid using the "CacheIgnoreURLSessionIdentifiers" directive in mod_cache until the issue is resolved.
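The exposure conditions described above can be checked against a host's version banner and configuration text. The script below is an added example, not part of the original advisory or of Apache's tooling. It assumes modules are loaded through LoadModule lines (statically compiled modules are not detected) and that the configuration is passed in as one string (Include files are not followed). The sample banner and configuration are constructed.

```python
import re

# First fixed release per the advisory: 2.2.16 (affected: 2.2.x through 2.2.15).
FIXED = (2, 2, 16)

def parse_version(banner):
    """Extract (major, minor, patch) from `httpd -v` style output, or None."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(g) for g in m.groups()) if m else None

def active_directives(conf_text):
    """Yield (lowercased name, args) for each non-comment directive line."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue  # skip blanks, comments and section tags like <VirtualHost>
        parts = line.split()
        yield parts[0].lower(), parts[1:]

def audit(banner, conf_text):
    """Return findings relevant to CVE-2010-1452 (empty list = none)."""
    version = parse_version(banner)
    if version is None:
        return ["version unknown: could not parse banner"]
    if version[:2] != (2, 2) or version >= FIXED:
        return []  # outside the range this advisory lists
    loaded, session_ids = set(), []
    for name, args in active_directives(conf_text):
        if name == "loadmodule" and args:
            loaded.add(args[0].lower())
        elif name == "cacheignoreurlsessionidentifiers":
            # "None" is the directive's way of saying no identifiers are ignored.
            session_ids += [a for a in args if a.lower() != "none"]
    findings = []
    if "dav_module" in loaded:
        findings.append("mod_dav loaded on affected version")
    if "cache_module" in loaded and session_ids:
        findings.append("mod_cache loaded with CacheIgnoreURLSessionIdentifiers set")
    return findings

# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "Server version: Apache/2.2.14 (Unix)"
SAMPLE_CONF = """
LoadModule cache_module modules/mod_cache.so
#LoadModule dav_module modules/mod_dav.so
CacheIgnoreURLSessionIdentifiers jsessionid
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_BANNER, SAMPLE_CONF) or ["no exposure found"]:
        print(finding)
```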
Fix
Related Identifiers
Affected Products
Apache HTTP Server
HP-UX
Red Hat