Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability

Apache HTTP Server is prone to a remote denial-of-service vulnerability.

Remote attackers can exploit this issue to exhaust the memory; resulting in a denial-of-service condition.

Apache versions 2.4.23, 2.4.20, 2.4.18, 2.4.17, 2.4.16, 2.4.12, 2.4.10, 2.4.9, 2.4.7, 2.4.6, 2.4.4, 2.4.3, 2.4.2, and 2.4.1 are vulnerable.

Information

Bugtraq ID: 95076
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2016-2161

Remote: Yes
Local: No
Published: Dec 20 2016 12:00AM
Updated: Apr 17 2017 12:05AM
Credit: Maksim Malyutin
Vulnerable: Redhat Enterprise Linux Workstation Optional 7
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Server Optional 7
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux ComputeNode Optional 7
Redhat Enterprise Linux Client Optional 7
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
Apple macOS 10.12.3
Apache Apache 2.4.23
Apache Apache 2.4.20
Apache Apache 2.4.18
Apache Apache 2.4.17
Apache Apache 2.4.16
Apache Apache 2.4.14
Apache Apache 2.4.12
Apache Apache 2.4.10
Apache Apache 2.4.4
Apache Apache 2.4.9
Apache Apache 2.4.7
Apache Apache 2.4.6
Apache Apache 2.4.3
Apache Apache 2.4.2
Apache Apache 2.4.1

Not Vulnerable: Apple Security Update 2017-001 Yosemite 0
Apple Security Update 2017-001 El Capitan 0
Apple macOS 10.12.4
Apache Apache 2.4.25

References:

• Apache Homepage (Apache Software Foundation)
  
• Apache httpd 2.4 vulnerabilities (Apache Software Foundation)
  
• Bug 1406753 - (CVE-2016-2161) CVE-2016-2161 httpd: DoS vulnerability in mod_auth (Red Hat Bugzilla)
  

Source: www.securityfocus.com