Apache HTTP Server Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Apache HTTP Server, which can be exploited by malicious people to gain access to potentially sensitive information, cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1. The "ap_proxy_ajp_request()" function in modules/proxy/mod_proxy_ajp.c of the mod_proxy_ajp module returns the "HTTP_INTERNAL_SERVER_ERROR" error code when processing certain malformed requests. This can be exploited to put the backend server into an error state until the retry timeout expires by sending specially crafted requests.
2. The mod_isapi module unloads ISAPI modules before request processing is complete, potentially leaving orphaned callback pointers behind. This can be exploited by sending a specially crafted request followed by a reset packet. Successful exploitation may allow the execution of arbitrary code with SYSTEM privileges on Windows systems.
3. An error exists within the header handling when processing subrequests, which can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded Multi-Processing Module (MPM) is used.
Impact
- Denial of Service
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- Apache 2.2.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to Apache version 2.2.15:
http://httpd.apache.org
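To prioritise the upgrade, the sketch below maps a server's own `httpd -v`, `httpd -V` and `httpd -M` output to the three items above. It is an added example, not part of the original advisory or of Apache's code; the sample output is constructed, and it assumes every 2.2.x release below 2.2.15 is affected and that a listed module means the corresponding issue is reachable.

```python
import re

FIXED = (2, 2, 15)  # fix version named in the advisory

# Constructed sample output of `httpd -v`, `httpd -V` and `httpd -M` (not from a real host).
SAMPLE_VERSION = "Server version: Apache/2.2.14 (Unix)\nServer built:   Jan  1 2010 00:00:00\n"
SAMPLE_BUILD = (
    "Server MPM:     Worker\n"
    "  threaded:     yes (fixed thread count)\n"
    "    forked:     yes (variable process count)\n"
)
SAMPLE_MODULES = (
    "Loaded Modules:\n"
    " core_module (static)\n"
    " mpm_worker_module (static)\n"
    " proxy_module (shared)\n"
    " proxy_ajp_module (shared)\n"
    "Syntax OK\n"
)

def parse_version(version_out):
    """Extract (major, minor, patch) from `httpd -v` output, or None."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", version_out)
    return tuple(int(x) for x in m.groups()) if m else None

def triage(version_out, build_out, modules_out):
    """Return the advisory item numbers (1-3) this build is exposed to."""
    ver = parse_version(version_out)
    if ver is None:
        raise ValueError("no Apache version string found")
    # Assumption: every 2.2.x release below 2.2.15 is affected.
    if ver[:2] != (2, 2) or ver >= FIXED:
        return []
    modules = set(re.findall(r"^\s*(\w+_module)\b", modules_out, re.M))
    threaded = re.search(r"^\s*threaded:\s*yes", build_out, re.M | re.I)
    exposed = []
    if "proxy_ajp_module" in modules:
        exposed.append(1)  # item 1: mod_proxy_ajp backend error state (DoS)
    if "isapi_module" in modules:
        exposed.append(2)  # item 2: mod_isapi early unload (Windows builds)
    if threaded:
        exposed.append(3)  # item 3: subrequest header handling, threaded MPM
    return exposed

if __name__ == "__main__":
    print(triage(SAMPLE_VERSION, SAMPLE_BUILD, SAMPLE_MODULES))
```

An empty result only means none of the three conditions were detected from this output; the upgrade to 2.2.15 remains the fix.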
Vulnerability Identifier
Source
Related Link