• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache mod_ssl Denial Of Service Vulnerability

Apache mod_ssl is reported susceptible to a denial of service vulnerability.

This issue presents itself during SSL connections to a vulnerable Apache server. The affected software may enter into an infinite loop in certain circumstances. This will consume CPU resources and potentially cause further connections to the affected server to fail.


All Apache versions from 2.0 through to 2.0.50 are reported vulnerable.

Update: Avaya has released an advisory identifying Avaya S8700/S8500/S8300 running CM 2.0 and later, and all versions of Avaya Converged Communication Server as vulnerable to this issue.