|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-06-27 | |
| Rule Name: | Apache HTTPD mod_log_config Cookie Handling Denial of Service Vulnerability (CVE-2012-0021) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. | |
| Impact: | An attacker can launch a denial of service attack by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://marc.info/?l=bugtraq&m=133294460209056&w=2 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://svn.apache.org/viewvc?view=revision&revision;=1227292 |