Chintan Trivedi has discovered a vulnerability in Apache, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by an error in the parsing routine for headers with a large number of spaces. This can be exploited by sending specially crafted requests with a large number of overly long headers containing only spaces.
Successful exploitation can cause the server to become unreachable and use a large amount of CPU resources, but the server will regain functionality once the attack stops.
The vulnerability has been confirmed on version 2.0.52 running Linux.
Other versions may also be affected.
SOFTWARE:
Apache 2.0.x
SOLUTION:
If necessary, filter access to the server.
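A filtering front end or a log/pcap review job can recognise the request shape described above by counting overly long header lines that contain only whitespace. The following is an added example, not part of the original advisory or of Apache; the thresholds, function names and sample requests are assumptions constructed for illustration.

```python
import re

# Thresholds are assumptions; the advisory gives no numbers.
MIN_PAD_LEN = 256      # whitespace run that counts as "overly long"
MAX_PAD_HEADERS = 8    # padded header lines tolerated per request

# A header line that is only spaces/tabs, optionally after a "Name:" prefix.
_PAD_LINE = re.compile(rb"(?:[!#$%&'*+\-.^_`|~0-9A-Za-z]+:)?([ \t]*)")


def padded_header_stats(raw_request: bytes, min_len: int = MIN_PAD_LEN):
    """Return (count, total_bytes) of long whitespace-only header lines."""
    # Only the header block matters; a truly empty line ends it.
    head, _, _ = raw_request.partition(b"\r\n\r\n")
    count = total = 0
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        m = _PAD_LINE.fullmatch(line)
        if m and len(m.group(1)) >= min_len:
            count += 1
            total += len(m.group(1))
    return count, total


def should_filter(raw_request: bytes,
                  min_len: int = MIN_PAD_LEN,
                  max_headers: int = MAX_PAD_HEADERS) -> bool:
    """True when a request carries more padded headers than tolerated."""
    count, _ = padded_header_stats(raw_request, min_len)
    return count > max_headers


# Constructed sample requests (not captured traffic).
SAMPLE_NORMAL = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                 b"Accept: text/html\r\nX-Empty:\r\n\r\n")
SAMPLE_PADDED = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                 + (b" " * 300 + b"\r\n") * 6
                 + (b"X-Pad:" + b" " * 300 + b"\r\n") * 6
                 + b"\r\n")

if __name__ == "__main__":
    for name, req in (("normal", SAMPLE_NORMAL), ("padded", SAMPLE_PADDED)):
        print(name, padded_header_stats(req), should_filter(req))
```

Tune both thresholds against your own legitimate traffic before using the result to block rather than alert.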
PROVIDED AND/OR DISCOVERED BY:
Chintan Trivedi
http://community.securityteam.us/article.php/20041103170052414