Rapid7 Vulnerability & Exploit Database

Apache HTTPD: Worker MPM memory leak (CVE-2005-2970)

Back to Search

Apache HTTPD: Worker MPM memory leak (CVE-2005-2970)

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
10/25/2005
Created
07/25/2018
Added
04/12/2012
Modified
02/13/2015

Description

The affected asset is vulnerable to this vulnerability ONLY if the worker MPM thread model is used. Review your web server configuration for validation. A memory leak in the worker MPM would allow remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. This issue was downgraded in severity to low (from moderate) as sucessful exploitation of the race condition would be difficult.

Solution(s)

  • apache-httpd-upgrade-2_0_55

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;