11 March 2014

Vulnerability description

A denial of service vulnerability is present in some HTTP servers.

How to fix this Apache vulnerability

1) Ensure your Apache supports the reqtimeout module

  • The mod_reqtimeout module is available in Apache 2.2.15 and later.
  • The mod_reqtimeout module is disabled by default in version 2.3.14 and earlier.

2) Add the entries below to the httpd.conf file:

LoadModule reqtimeout_module /usr/lib64/apache2-prefork/mod_reqtimeout.so
<IfModule reqtimeout_module>
	RequestReadTimeout header=10-20,minrate=500
	RequestReadTimeout body=10,minrate=500
</IfModule>

3) Restart the Apache service:

/etc/init.d/apache2 restart
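
A check that can be run against httpd.conf before the restart in step 3, added here as an example and not part of the original page: it reports whether reqtimeout_module is loaded and whether both the header and body stages have a limit (a timeout of 0 means no limit). It assumes all directives are in the one file given; the function names and the sample config in the demo are constructed.

```shell
#!/bin/sh
# Added example, not part of the original page: audit one Apache config file
# for the mod_reqtimeout settings from step 2. Assumption: all directives are
# in the file given; Include'd files and compiled-in modules are not examined.

# stage_setting FILE STAGE: print the last active "STAGE=..." parameter, if any.
stage_setting() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Ei '^[[:space:]]*RequestReadTimeout[[:space:]]' |
        grep -Eio "$2=[0-9]+(-[0-9]+)?(,minrate=[0-9]+)?" |
        tail -n 1
}

# check_reqtimeout FILE: print one finding per line; return 0 only when the
# module is loaded and both request stages have a non-zero timeout.
check_reqtimeout() {
    conf=$1
    rc=0
    if grep -v '^[[:space:]]*#' "$conf" |
        grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+reqtimeout_module[[:space:]]'; then
        echo "ok: reqtimeout_module is loaded"
    else
        echo "FAIL: no active LoadModule reqtimeout_module line"
        rc=1
    fi
    for stage in header body; do
        setting=$(stage_setting "$conf" "$stage")
        initial=${setting#*=}          # text after "stage="
        initial=${initial%%[-,]*}      # keep only the first number
        if [ -z "$setting" ]; then
            echo "FAIL: no RequestReadTimeout $stage= setting"
            rc=1
        elif [ "$initial" -eq 0 ]; then
            echo "FAIL: $setting sets no time limit on the $stage"
            rc=1
        elif printf '%s' "$setting" | grep -iq ',minrate='; then
            echo "ok: $setting"
        else
            echo "note: $setting is a fixed limit with no minimum data rate"
        fi
    done
    return "$rc"
}

# Demo on a constructed sample: module line commented out, header limit disabled.
sample=$(mktemp)
printf '%s\n' '#LoadModule reqtimeout_module modules/mod_reqtimeout.so' \
    'RequestReadTimeout header=0 body=10,minrate=500' > "$sample"
check_reqtimeout "$sample" || echo "=> configuration needs fixing"
rm -f "$sample"
```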