Description
Cytrix has detected that the version of Apache HTTP Server in use is vulnerable to a Denial of Service (DoS) attack affecting the Win32 and OS/2 ports, also known as CVE-2001-1342.
In the Win32 and OS/2 ports of this Apache version, a remote attacker could cause a Denial of Service through a general protection fault (GPF).
The fault is triggered by an HTTP request for a URI that contains a large number of '/' (slash) or other characters, which may cause certain functions to dereference a null pointer.
This may lead to a decrease in performance and interruptions in the availability of resources.
NULL Pointer Dereference (CWE-476) occurs when the application dereferences a pointer that it expects to be valid, but is actually NULL.
Recommendation
To fix CVE-2001-1342, upgrade the version of Apache HTTP Server being used to 1.3.20.
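A banner check for the condition above, as an added example that is not part of the original advisory or Cytrix's own detection logic: it compares the version in a `Server` response header against 1.3.20 and inspects the platform token. The platform spellings (`Win32`, `OS/2`), the function name and the result labels are assumptions, and the sample banners are constructed.

```python
import re

FIXED = (1, 3, 20)  # fixed release named in the recommendation
# Platform tokens as they are assumed to appear in the Server banner.
AFFECTED_PLATFORMS = {"win32", "os/2", "os2"}

# Matches e.g. "Apache/1.3.19 (Win32) PHP/4.0.4"; the platform part is optional.
_BANNER = re.compile(r"^Apache/(\d+)\.(\d+)\.(\d+)\b(?:\s*\(([^)]*)\))?", re.I)


def triage(server_header):
    """Classify a Server header value for CVE-2001-1342.

    Returns 'affected', 'not-affected', 'check-platform' (old version but the
    banner hides the platform) or 'unknown' (no comparable Apache version).
    """
    m = _BANNER.match(server_header.strip())
    if not m:
        # "ServerTokens Prod" yields a bare "Apache"; other servers land here too.
        return "unknown"
    # Compare numerically: as strings, "1.3.9" would sort after "1.3.20".
    version = tuple(int(part) for part in m.group(1, 2, 3))
    if version >= FIXED:
        return "not-affected"
    platform = m.group(4)
    if platform is None:
        return "check-platform"
    if platform.strip().lower() in AFFECTED_PLATFORMS:
        return "affected"
    return "not-affected"


if __name__ == "__main__":
    # Constructed sample banners, not taken from a real scan.
    samples = [
        "Apache/1.3.19 (Win32)",
        "Apache/1.3.9 (OS/2)",
        "Apache/1.3.20 (Win32)",
        "Apache/1.3.19 (Unix) mod_ssl/2.8.1",
        "Apache/1.3.19",
        "Apache",
    ]
    for banner in samples:
        print(f"{banner!r:40} -> {triage(banner)}")
```

A banner can be suppressed or altered by configuration, so confirm the installed version on the host before closing the finding.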
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1342