Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3526

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3526
Last Modified 01 Mar 2013 11:44:13
Published 05 Sep 2012 07:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3526

Summary

The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.

Vulnerable Systems

Application

  • Thomas Eibner Mod Rpaf 0.5

  • Thomas Eibner Mod Rpaf 0.6


References

MISC - http://zecrazytux.net/troubleshooting/apache2-segfault-debugging-tutorial

MLIST - [oss-security] 20120822 Re: CVE Request: Apache mod RPAF denial of service

MLIST - [oss-security] 20120822 CVE Request: Apache mod RPAF denial of service

DEBIAN - DSA-2532

SECUNIA - 50400

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683984

BID - 55154

XF - modrpaf-apache-dos(77987)


Last Updated: 27 May 2016 10:57:38