Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 2.6
CVE Id: CVE-2012-0021
Last Modified: 10 Oct 2013 11:40:11
Published: 27 Jan 2012 11:05:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2012-0021

Summary

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.

Vulnerable Systems

Application

  • Apache HTTP Server 2.2.17
  • Apache HTTP Server 2.2.18
  • Apache HTTP Server 2.2.19
  • Apache HTTP Server 2.2.20
  • Apache HTTP Server 2.2.21


References

CONFIRM - https://issues.apache.org/bugzilla/show_bug.cgi?id=52256

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=785065

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1227292

CONFIRM - http://httpd.apache.org/security/vulnerabilities_22.html

HP - SSRT100877

HP - HPSBMU02786

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

SECUNIA - 48551

CONFIRM - http://support.apple.com/kb/HT5501

APPLE - APPLE-SA-2012-09-19-2

MANDRIVA - MDVSA-2013:150

Related Patches

Apple 2012-09-19 Mac OS X Server 10.7.5 Update

Apple 2012-09-19 Mac OS X 10.7.5 Update

Apple 2012-09-19 Mac OS X Server 10.7.5 Combo Update

Apple 2012-09-19 Mac OS X 10.7.5 Combo Update

Apple 2012-09-19 Security Update 2012-004 Server (Snow Leopard)

Apple 2012-09-19 Security Update 2012-004 (Snow Leopard)

Novell SUSE 2013:7409 apache2 security update for SLES 11 SP2 i586

Novell SUSE 2013:7409 apache2 security update for SLES 11 SP2 x86_64


Last Updated: 27 May 2016 10:56:27