CVE-2008-2364
EPSS 2.2%
Description
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
How to fix CVE-2008-2364
To remediate CVE-2008-2364, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.2.9-1 or later
Is CVE-2008-2364 being exploited?
Low — EPSS is 2.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.9-1