A denial of service vulnerability has been found in the way the multiple
overlapping ranges are handled by the Apache HTTPD server:
An attack tool is circulating in the wild. Active use of this tools has been observed. The attack can be done remotely and with a modest number of requests can cause very significant memory and CPU usage on the server.
This alert was generated using only banner information. It may be a false positive.
Affected Apache versions (1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19).
- Upgrade to the latest version of Apache HTTP Server (2.2.20 or later), available from the Apache HTTP Server Project Web site.
- WordPress Plugin WP-Members Membership Unspecified Vulnerability (188.8.131.52)
- WordPress Plugin WP GPX Maps 'wp-gpx-maps_admin_tracks.php' Arbitrary File Upload (1.1.22)
- WordPress Plugin Eu Cookie Notice Cross-Site Request Forgery (1.0.6)
- WordPress Plugin WordApp Mobile App-Convert your WordPress Site to a Mobile App Cross-Site Scripting (2.0.3)
- WordPress Plugin WP Silverlight Media Player Cross-Site Scripting (0.8)