Vulnerability-Lookup

CVE-2012-0021 (GCVE-0-2012-0021)

Vulnerability from cvelistv5 – Published: 2012-01-28 02:00 – Updated: 2024-08-06 18:09

Summary

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

31 references

URL	Tags
http://svn.apache.org/viewvc?view=revision&revisi…	x_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2012-0543.html	vendor-advisoryx_refsource_REDHAT
http://marc.info/?l=bugtraq&m=133294460209056&w=2	vendor-advisoryx_refsource_HP
https://issues.apache.org/bugzilla/show_bug.cgi?i…	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=785065	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=133294460209056&w=2	vendor-advisoryx_refsource_HP
http://rhn.redhat.com/errata/RHSA-2012-0542.html	vendor-advisoryx_refsource_REDHAT
http://httpd.apache.org/security/vulnerabilities_…	x_refsource_CONFIRM
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://support.apple.com/kb/HT5501	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
http://marc.info/?l=bugtraq&m=133494237717847&w=2	vendor-advisoryx_refsource_HP
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://secunia.com/advisories/48551	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=133494237717847&w=2	vendor-advisoryx_refsource_HP
https://lists.apache.org/thread.html/8d63cb8e9100…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/f7f95ac1cd98…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r57608dc51b7…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfbaf647d52c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf6449464fd8…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9ea3538f229…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9b4b963760a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r05b5357d1f6…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r1d201e3da31…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rdca61ae9906…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde3…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rad01d817195…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r75cbe9ea3e2…	mailing-listx_refsource_MLIST

Date Public ?

2011-11-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.166Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1227292"
          },
          {
            "name": "HPSBMU02786",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "MDVSA-2012:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012"
          },
          {
            "name": "RHSA-2012:0543",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html"
          },
          {
            "name": "SSRT100772",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=52256"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785065"
          },
          {
            "name": "HPSBMU02748",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
          },
          {
            "name": "RHSA-2012:0542",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://httpd.apache.org/security/vulnerabilities_22.html"
          },
          {
            "name": "APPLE-SA-2012-09-19-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5501"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
          },
          {
            "name": "SSRT100877",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "HPSBUX02761",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2"
          },
          {
            "name": "MDVSA-2013:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
          },
          {
            "name": "48551",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48551"
          },
          {
            "name": "SSRT100823",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [8/13] - /httpd/site/trunk/content/security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-11-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-06T10:07:32.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1227292"
        },
        {
          "name": "HPSBMU02786",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "MDVSA-2012:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012"
        },
        {
          "name": "RHSA-2012:0543",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html"
        },
        {
          "name": "SSRT100772",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=52256"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785065"
        },
        {
          "name": "HPSBMU02748",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
        },
        {
          "name": "RHSA-2012:0542",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://httpd.apache.org/security/vulnerabilities_22.html"
        },
        {
          "name": "APPLE-SA-2012-09-19-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5501"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
        },
        {
          "name": "SSRT100877",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "HPSBUX02761",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2"
        },
        {
          "name": "MDVSA-2013:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
        },
        {
          "name": "48551",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48551"
        },
        {
          "name": "SSRT100823",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888194 [8/13] - /httpd/site/trunk/content/security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-0021",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1227292",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1227292"
            },
            {
              "name": "HPSBMU02786",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
            },
            {
              "name": "MDVSA-2012:012",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012"
            },
            {
              "name": "RHSA-2012:0543",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html"
            },
            {
              "name": "SSRT100772",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
            },
            {
              "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=52256",
              "refsource": "CONFIRM",
              "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=52256"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=785065",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785065"
            },
            {
              "name": "HPSBMU02748",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
            },
            {
              "name": "RHSA-2012:0542",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html"
            },
            {
              "name": "http://httpd.apache.org/security/vulnerabilities_22.html",
              "refsource": "CONFIRM",
              "url": "http://httpd.apache.org/security/vulnerabilities_22.html"
            },
            {
              "name": "APPLE-SA-2012-09-19-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5501",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5501"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
            },
            {
              "name": "SSRT100877",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
            },
            {
              "name": "HPSBUX02761",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2"
            },
            {
              "name": "MDVSA-2013:150",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
            },
            {
              "name": "48551",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48551"
            },
            {
              "name": "SSRT100823",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073139 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1888194 [8/13] - /httpd/site/trunk/content/security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-0021",
    "datePublished": "2012-01-28T02:00:00.000Z",
    "dateReserved": "2011-12-07T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:09:17.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2012-0021",
      "date": "2026-05-24",
      "epss": "0.3296",
      "percentile": "0.96962"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A71F4154-AD20-4EEA-9E2E-D3385C357DA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0B8C9DB-401E-42B3-BAED-D09A96DE9A90\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"062C20A0-05A0-4164-8330-DF6ADFE607F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D345BA35-93BB-406F-B5DC-86E49FB29C22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ED4892F-C829-4BEA-AB82-6A78F6F2426D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n log_cookie en mod_log_config.c en el m\\u00f3dulo de mod_log_config en Apache HTTP Server v2.2.17 a v2.2.21, cuando se usa MPM multihilo , no controla correctamente una cadena de formato %{}C , lo que permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (ca\\u00edda del demonio) a trav\\u00e9s de una cookie que carece de un nombre y un valor.\"}]",
      "id": "CVE-2012-0021",
      "lastModified": "2024-11-21T01:34:12.520",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-01-28T04:05:00.750",
      "references": "[{\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://httpd.apache.org/security/vulnerabilities_22.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-0542.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-0543.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/48551\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://support.apple.com/kb/HT5501\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1227292\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=785065\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://issues.apache.org/bugzilla/show_bug.cgi?id=52256\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://httpd.apache.org/security/vulnerabilities_22.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-0542.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2012-0543.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/48551\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT5501\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://svn.apache.org/viewvc?view=revision\u0026revision=1227292\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=785065\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://issues.apache.org/bugzilla/show_bug.cgi?id=52256\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-0021\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-01-28T04:05:00.750\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n log_cookie en mod_log_config.c en el m\u00f3dulo de mod_log_config en Apache HTTP Server v2.2.17 a v2.2.21, cuando se usa MPM multihilo , no controla correctamente una cadena de formato %{}C , lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una cookie que carece de un nombre y un valor.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A71F4154-AD20-4EEA-9E2E-D3385C357DA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0B8C9DB-401E-42B3-BAED-D09A96DE9A90\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"062C20A0-05A0-4164-8330-DF6ADFE607F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D345BA35-93BB-406F-B5DC-86E49FB29C22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ED4892F-C829-4BEA-AB82-6A78F6F2426D\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://httpd.apache.org/security/vulnerabilities_22.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0542.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0543.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/48551\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT5501\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1227292\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=785065\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=52256\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://httpd.apache.org/security/vulnerabilities_22.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0542.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0543.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/48551\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT5501\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1227292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=785065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.apache.org/bugzilla/show_bug.cgi?id=52256\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2012-AVI-050

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant de porter atteinte à la confidentialité des données, causer un déni de service et d'élever ses privilèges sont présentes dans Apache HTTP Server.

Description

Plusieurs vulnérabilités existent dans Apache HTTP Server. Elles permettent à un utilisateur malintentionné de porter atteinte à la confidentialité des données, causer un déni de service et d'élever ses privilèges. La liste ci-dessous fournit le détail de ces vulnérabilités :

CVE-2011-3368 : une erreur dans la gestion d'URI mal formées par le module mod_proxy permet à une personne malintentionnée d'envoyer des requêtes à des machines du réseau interne depuis l'extérieur ;
CVE-2011-3607 : la fonction ap_pregsub, lorsque le module mod_setenvif est activé, est vulnérable à un dépassement d'entier permettant à un utilisateur malintentionné d'élever ses privilèges ;
CVE-2011-4317 : cette vulnérabilité permet à un utilisateur malintentionné d'accéder à des machines du réseau interne depuis l'extérieur.
CVE-2012-0021 : mod_log_config ne gère pas correctement certains cookies, ce qui peut conduire à un arrêt inopiné du service Apache.
CVE-2012-0031 : un problème dans la gestion des segments de mémoire partagée peut conduire à un déni de service local.
CVE-2012-0053 : lorsqu'aucune page personnalisée n'est définie pour le code d'erreur 400, il est possible d'obtenir les cookies httpOnly.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Apache	HTTP Server	Apache HTTP Server versions inférieures à 2.2.22.

References

Title

Publication Time

Tags

Bulletin de sécurité Apache

2012-01-31

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache HTTP Server versions inf\u00e9rieures  \u00e0 2.2.22.",
      "product": {
        "name": "HTTP Server",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s existent dans Apache HTTP Server. Elles\npermettent \u00e0 un utilisateur malintentionn\u00e9 de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, causer un d\u00e9ni de service et d\u0027\u00e9lever ses\nprivil\u00e8ges. La liste ci-dessous fournit le d\u00e9tail de ces vuln\u00e9rabilit\u00e9s\n:\n\n-   CVE-2011-3368 : une erreur dans la gestion d\u0027URI mal form\u00e9es par le\n    module mod_proxy permet \u00e0 une personne malintentionn\u00e9e d\u0027envoyer des\n    requ\u00eates \u00e0 des machines du r\u00e9seau interne depuis l\u0027ext\u00e9rieur ;\n-   CVE-2011-3607 : la fonction ap_pregsub, lorsque le module\n    mod_setenvif est activ\u00e9, est vuln\u00e9rable \u00e0 un d\u00e9passement d\u0027entier\n    permettant \u00e0 un utilisateur malintentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges ;\n-   CVE-2011-4317 : cette vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur\n    malintentionn\u00e9 d\u0027acc\u00e9der \u00e0 des machines du r\u00e9seau interne depuis\n    l\u0027ext\u00e9rieur.\n-   CVE-2012-0021 : mod_log_config ne g\u00e8re pas correctement certains\n    cookies, ce qui peut conduire \u00e0 un arr\u00eat inopin\u00e9 du service Apache.\n-   CVE-2012-0031 : un probl\u00e8me dans la gestion des segments de m\u00e9moire\n    partag\u00e9e peut conduire \u00e0 un d\u00e9ni de service local.\n-   CVE-2012-0053 : lorsqu\u0027aucune page personnalis\u00e9e n\u0027est d\u00e9finie pour\n    le code d\u0027erreur 400, il est possible d\u0027obtenir les cookies\n    httpOnly.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2012-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021"
    },
    {
      "name": "CVE-2012-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031"
    },
    {
      "name": "CVE-2011-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-050",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-02-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, causer un d\u00e9ni de service et d\u0027\u00e9lever ses\nprivil\u00e8ges sont pr\u00e9sentes dans \u003cspan class=\"textit\"\u003eApache HTTP\nServer\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apache",
  "vendor_advisories": [
    {
      "published_at": "2012-01-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Apache",
      "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201201.mbox/\u003c4F286C70.9040705@apache.org\u003e"
    }
  ]
}

CERTA-2012-AVI-225

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans le module Apache de HP-UX. Elles permettent à un utilisateur malintentionné de porter atteinte à la confidentialité des données, causer un déni de service et d'élever ses privilèges. La liste ci-dessous fournit le détail de ces vulnérabilités :

CVE-2011-3607 : la fonction api_pregsub, lorsque le module mod_setenvif est activé, est vulnérable à un dépassement d'entier permettant à un utilisateur malintentionné d'élever ses privilèges ;
CVE-2012-0021 : mod_log_config ne gère pas correctement certains cookies, ce qui peut conduire à un arrêt inopiné du service Apache ;
CVE-2012-0031 : un problème dans la gestion des segments de mémoire partagée peut conduire à un déni de service local ;
CVE-2012-0053 : lorsqu'aucune page personnalisée n'est définie pour le code d'erreur 400, il est possible d'obtenir les cookies httpOnly.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	HP-UX B.11.31 ;
N/A	N/A	HP-UX B.11.23 ;
N/A	N/A	HP-UX B.11.11.

References

Title

Publication Time

Tags

Bulletin de sécurité HP-UX c03278391 du 18 avril 2012	None	vendor-advisory
Document du CERTA CERTA-2012-AVI-050 du 02 février 2012 :	-	other
Bulletin de sécurité HP c03278391 du 18 avril 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP-UX B.11.31 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP-UX B.11.23 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP-UX B.11.11.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2012-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021"
    },
    {
      "name": "CVE-2012-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031"
    },
    {
      "name": "CVE-2011-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
    }
  ],
  "links": [
    {
      "title": "Document du CERTA CERTA-2012-AVI-050 du 02 f\u00e9vrier 2012 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2012-AVI-050/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03278391 du 18 avril 2012 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03278391"
    }
  ],
  "reference": "CERTA-2012-AVI-225",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le module \u003cspan\nclass=\"textit\"\u003eApache\u003c/span\u003e de \u003cspan class=\"textit\"\u003eHP-UX\u003c/span\u003e. Elles\npermettent \u00e0 un utilisateur malintentionn\u00e9 de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, causer un d\u00e9ni de service et d\u0027\u00e9lever ses\nprivil\u00e8ges. La liste ci-dessous fournit le d\u00e9tail de ces vuln\u00e9rabilit\u00e9s\n:\n\n-   CVE-2011-3607 : la fonction \u003cspan class=\"textit\"\u003eapi_pregsub\u003c/span\u003e,\n    lorsque le module \u003cspan class=\"textit\"\u003emod_setenvif\u003c/span\u003e est\n    activ\u00e9, est vuln\u00e9rable \u00e0 un d\u00e9passement d\u0027entier permettant \u00e0 un\n    utilisateur malintentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges ;\n-   CVE-2012-0021 : \u003cspan class=\"textit\"\u003emod_log_config\u003c/span\u003e ne g\u00e8re\n    pas correctement certains cookies, ce qui peut conduire \u00e0 un arr\u00eat\n    inopin\u00e9 du service Apache ;\n-   CVE-2012-0031 : un probl\u00e8me dans la gestion des segments de m\u00e9moire\n    partag\u00e9e peut conduire \u00e0 un d\u00e9ni de service local ;\n-   CVE-2012-0053 : lorsqu\u0027aucune page personnalis\u00e9e n\u0027est d\u00e9finie pour\n    le code d\u0027erreur 400, il est possible d\u0027obtenir les cookies\n    httpOnly.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX c03278391 du 18 avril 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-358

Vulnerability from certfr_avis - Published: - Updated:

Vingt-huit vulnérabilités ont été corrigées dans HP System Management Homepage. Ces vulnérabilités touchent les versions Linux et Windows du produit et peuvent mener à une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à HP System Management Homepage 7.1.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03360041 du 26 juin 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 HP System Management Homepage  7.1.1.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4415"
    },
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2011-4078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4078"
    },
    {
      "name": "CVE-2012-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2012-2015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2015"
    },
    {
      "name": "CVE-2012-2012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2012"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2012-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031"
    },
    {
      "name": "CVE-2012-2013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2013"
    },
    {
      "name": "CVE-2012-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1823"
    },
    {
      "name": "CVE-2011-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2011-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
    },
    {
      "name": "CVE-2011-2821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2821"
    },
    {
      "name": "CVE-2012-1165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
    },
    {
      "name": "CVE-2011-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
    },
    {
      "name": "CVE-2012-2016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2016"
    },
    {
      "name": "CVE-2012-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0036"
    },
    {
      "name": "CVE-2012-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-4153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4153"
    },
    {
      "name": "CVE-2011-3379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3379"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2012-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0830"
    },
    {
      "name": "CVE-2012-0027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0027"
    },
    {
      "name": "CVE-2012-2014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2014"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-358",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Vingt-huit vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eHP\nSystem Management Homepage\u003c/span\u003e. Ces vuln\u00e9rabilit\u00e9s touchent les\nversions \u003cspan class=\"textit\"\u003eLinux\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eWindows\u003c/span\u003e du produit et peuvent mener \u00e0 une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP System Management Homepage",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03360041 du 26 juin 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    }
  ]
}

CERTA-2012-AVI-512

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple OS X. Certaines d'entre elles permettent à un attaquant d'exécuter du code arbitraire à distance au moyen de fichiers spécialement conçus.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Versions antérieures à OS X Lion v10.7.5.
	Apple	N/A	Versions antérieures à OS X Mountain Lion v10.8.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 19 Septembre 2012	None	vendor-advisory
Bulletin de sécurité Apple HT5501 du 19 Septembre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Versions ant\u00e9rieures \u00e0 OS X Lion v10.7.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 OS X Mountain Lion v10.8.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3048"
    },
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2012-3716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3716"
    },
    {
      "name": "CVE-2012-2688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2688"
    },
    {
      "name": "CVE-2012-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1667"
    },
    {
      "name": "CVE-2012-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021"
    },
    {
      "name": "CVE-2012-1173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
    },
    {
      "name": "CVE-2012-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031"
    },
    {
      "name": "CVE-2012-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1823"
    },
    {
      "name": "CVE-2012-0671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0671"
    },
    {
      "name": "CVE-2012-0650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0650"
    },
    {
      "name": "CVE-2012-3719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3719"
    },
    {
      "name": "CVE-2012-3721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3721"
    },
    {
      "name": "CVE-2011-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
    },
    {
      "name": "CVE-2012-0643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0643"
    },
    {
      "name": "CVE-2012-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
    },
    {
      "name": "CVE-2012-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0652"
    },
    {
      "name": "CVE-2012-3722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3722"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2012-0668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0668"
    },
    {
      "name": "CVE-2012-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
    },
    {
      "name": "CVE-2011-3026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3026"
    },
    {
      "name": "CVE-2012-3718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3718"
    },
    {
      "name": "CVE-2012-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2012-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3720"
    },
    {
      "name": "CVE-2011-4313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4313"
    },
    {
      "name": "CVE-2012-2386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2386"
    },
    {
      "name": "CVE-2012-3723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3723"
    },
    {
      "name": "CVE-2012-0670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0670"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    },
    {
      "name": "CVE-2012-2143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2143"
    },
    {
      "name": "CVE-2011-4599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4599"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5501 du 19 Septembre 2012 :",
      "url": "http://support.apple.com/kb/HT5501"
    }
  ],
  "reference": "CERTA-2012-AVI-512",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au moyen de\nfichiers sp\u00e9cialement con\u00e7us.\n",
  "title": "Multiples Vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 19 Septembre 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-050

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant de porter atteinte à la confidentialité des données, causer un déni de service et d'élever ses privilèges sont présentes dans Apache HTTP Server.

Description

CVE-2011-3368 : une erreur dans la gestion d'URI mal formées par le module mod_proxy permet à une personne malintentionnée d'envoyer des requêtes à des machines du réseau interne depuis l'extérieur ;
CVE-2011-3607 : la fonction ap_pregsub, lorsque le module mod_setenvif est activé, est vulnérable à un dépassement d'entier permettant à un utilisateur malintentionné d'élever ses privilèges ;
CVE-2011-4317 : cette vulnérabilité permet à un utilisateur malintentionné d'accéder à des machines du réseau interne depuis l'extérieur.
CVE-2012-0021 : mod_log_config ne gère pas correctement certains cookies, ce qui peut conduire à un arrêt inopiné du service Apache.
CVE-2012-0031 : un problème dans la gestion des segments de mémoire partagée peut conduire à un déni de service local.
CVE-2012-0053 : lorsqu'aucune page personnalisée n'est définie pour le code d'erreur 400, il est possible d'obtenir les cookies httpOnly.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Apache	HTTP Server	Apache HTTP Server versions inférieures à 2.2.22.

References

Title

Publication Time

Tags

Bulletin de sécurité Apache

2012-01-31

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache HTTP Server versions inf\u00e9rieures  \u00e0 2.2.22.",
      "product": {
        "name": "HTTP Server",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s existent dans Apache HTTP Server. Elles\npermettent \u00e0 un utilisateur malintentionn\u00e9 de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, causer un d\u00e9ni de service et d\u0027\u00e9lever ses\nprivil\u00e8ges. La liste ci-dessous fournit le d\u00e9tail de ces vuln\u00e9rabilit\u00e9s\n:\n\n-   CVE-2011-3368 : une erreur dans la gestion d\u0027URI mal form\u00e9es par le\n    module mod_proxy permet \u00e0 une personne malintentionn\u00e9e d\u0027envoyer des\n    requ\u00eates \u00e0 des machines du r\u00e9seau interne depuis l\u0027ext\u00e9rieur ;\n-   CVE-2011-3607 : la fonction ap_pregsub, lorsque le module\n    mod_setenvif est activ\u00e9, est vuln\u00e9rable \u00e0 un d\u00e9passement d\u0027entier\n    permettant \u00e0 un utilisateur malintentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges ;\n-   CVE-2011-4317 : cette vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur\n    malintentionn\u00e9 d\u0027acc\u00e9der \u00e0 des machines du r\u00e9seau interne depuis\n    l\u0027ext\u00e9rieur.\n-   CVE-2012-0021 : mod_log_config ne g\u00e8re pas correctement certains\n    cookies, ce qui peut conduire \u00e0 un arr\u00eat inopin\u00e9 du service Apache.\n-   CVE-2012-0031 : un probl\u00e8me dans la gestion des segments de m\u00e9moire\n    partag\u00e9e peut conduire \u00e0 un d\u00e9ni de service local.\n-   CVE-2012-0053 : lorsqu\u0027aucune page personnalis\u00e9e n\u0027est d\u00e9finie pour\n    le code d\u0027erreur 400, il est possible d\u0027obtenir les cookies\n    httpOnly.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2012-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021"
    },
    {
      "name": "CVE-2012-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031"
    },
    {
      "name": "CVE-2011-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-050",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-02-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, causer un d\u00e9ni de service et d\u0027\u00e9lever ses\nprivil\u00e8ges sont pr\u00e9sentes dans \u003cspan class=\"textit\"\u003eApache HTTP\nServer\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apache",
  "vendor_advisories": [
    {
      "published_at": "2012-01-31",
      "title": "Bulletin de s\u00e9curit\u00e9 Apache",
      "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201201.mbox/\u003c4F286C70.9040705@apache.org\u003e"
    }
  ]
}

CERTA-2012-AVI-225

Vulnerability from certfr_avis - Published: - Updated:

CVE-2011-3607 : la fonction api_pregsub, lorsque le module mod_setenvif est activé, est vulnérable à un dépassement d'entier permettant à un utilisateur malintentionné d'élever ses privilèges ;
CVE-2012-0021 : mod_log_config ne gère pas correctement certains cookies, ce qui peut conduire à un arrêt inopiné du service Apache ;
CVE-2012-0031 : un problème dans la gestion des segments de mémoire partagée peut conduire à un déni de service local ;
CVE-2012-0053 : lorsqu'aucune page personnalisée n'est définie pour le code d'erreur 400, il est possible d'obtenir les cookies httpOnly.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	HP-UX B.11.31 ;
N/A	N/A	HP-UX B.11.23 ;
N/A	N/A	HP-UX B.11.11.

References

Title

Publication Time

Tags

Bulletin de sécurité HP-UX c03278391 du 18 avril 2012	None	vendor-advisory
Document du CERTA CERTA-2012-AVI-050 du 02 février 2012 :	-	other
Bulletin de sécurité HP c03278391 du 18 avril 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP-UX B.11.31 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP-UX B.11.23 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP-UX B.11.11.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2012-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021"
    },
    {
      "name": "CVE-2012-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031"
    },
    {
      "name": "CVE-2011-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
    }
  ],
  "links": [
    {
      "title": "Document du CERTA CERTA-2012-AVI-050 du 02 f\u00e9vrier 2012 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2012-AVI-050/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03278391 du 18 avril 2012 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03278391"
    }
  ],
  "reference": "CERTA-2012-AVI-225",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le module \u003cspan\nclass=\"textit\"\u003eApache\u003c/span\u003e de \u003cspan class=\"textit\"\u003eHP-UX\u003c/span\u003e. Elles\npermettent \u00e0 un utilisateur malintentionn\u00e9 de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, causer un d\u00e9ni de service et d\u0027\u00e9lever ses\nprivil\u00e8ges. La liste ci-dessous fournit le d\u00e9tail de ces vuln\u00e9rabilit\u00e9s\n:\n\n-   CVE-2011-3607 : la fonction \u003cspan class=\"textit\"\u003eapi_pregsub\u003c/span\u003e,\n    lorsque le module \u003cspan class=\"textit\"\u003emod_setenvif\u003c/span\u003e est\n    activ\u00e9, est vuln\u00e9rable \u00e0 un d\u00e9passement d\u0027entier permettant \u00e0 un\n    utilisateur malintentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges ;\n-   CVE-2012-0021 : \u003cspan class=\"textit\"\u003emod_log_config\u003c/span\u003e ne g\u00e8re\n    pas correctement certains cookies, ce qui peut conduire \u00e0 un arr\u00eat\n    inopin\u00e9 du service Apache ;\n-   CVE-2012-0031 : un probl\u00e8me dans la gestion des segments de m\u00e9moire\n    partag\u00e9e peut conduire \u00e0 un d\u00e9ni de service local ;\n-   CVE-2012-0053 : lorsqu\u0027aucune page personnalis\u00e9e n\u0027est d\u00e9finie pour\n    le code d\u0027erreur 400, il est possible d\u0027obtenir les cookies\n    httpOnly.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX c03278391 du 18 avril 2012",
      "url": null
    }
  ]
}

CERTA-2012-AVI-358

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à HP System Management Homepage 7.1.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03360041 du 26 juin 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 HP System Management Homepage  7.1.1.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4415"
    },
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2011-4078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4078"
    },
    {
      "name": "CVE-2012-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021"
    },
    {
      "name": "CVE-2011-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
    },
    {
      "name": "CVE-2012-2015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2015"
    },
    {
      "name": "CVE-2012-2012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2012"
    },
    {
      "name": "CVE-2011-4576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
    },
    {
      "name": "CVE-2012-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031"
    },
    {
      "name": "CVE-2012-2013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2013"
    },
    {
      "name": "CVE-2012-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1823"
    },
    {
      "name": "CVE-2011-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2011-4108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
    },
    {
      "name": "CVE-2011-2821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2821"
    },
    {
      "name": "CVE-2012-1165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
    },
    {
      "name": "CVE-2011-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
    },
    {
      "name": "CVE-2012-2016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2016"
    },
    {
      "name": "CVE-2012-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0036"
    },
    {
      "name": "CVE-2012-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2011-4153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4153"
    },
    {
      "name": "CVE-2011-3379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3379"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2012-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0830"
    },
    {
      "name": "CVE-2012-0027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0027"
    },
    {
      "name": "CVE-2012-2014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2014"
    }
  ],
  "links": [],
  "reference": "CERTA-2012-AVI-358",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Vingt-huit vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eHP\nSystem Management Homepage\u003c/span\u003e. Ces vuln\u00e9rabilit\u00e9s touchent les\nversions \u003cspan class=\"textit\"\u003eLinux\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eWindows\u003c/span\u003e du produit et peuvent mener \u00e0 une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP System Management Homepage",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03360041 du 26 juin 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    }
  ]
}

CERTA-2012-AVI-512

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Versions antérieures à OS X Lion v10.7.5.
	Apple	N/A	Versions antérieures à OS X Mountain Lion v10.8.2 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 19 Septembre 2012	None	vendor-advisory
Bulletin de sécurité Apple HT5501 du 19 Septembre 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Versions ant\u00e9rieures \u00e0 OS X Lion v10.7.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Versions ant\u00e9rieures \u00e0 OS X Mountain Lion v10.8.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3048"
    },
    {
      "name": "CVE-2012-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
    },
    {
      "name": "CVE-2012-3716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3716"
    },
    {
      "name": "CVE-2012-2688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2688"
    },
    {
      "name": "CVE-2012-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1667"
    },
    {
      "name": "CVE-2012-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0021"
    },
    {
      "name": "CVE-2012-1173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
    },
    {
      "name": "CVE-2012-0031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0031"
    },
    {
      "name": "CVE-2012-1823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1823"
    },
    {
      "name": "CVE-2012-0671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0671"
    },
    {
      "name": "CVE-2012-0650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0650"
    },
    {
      "name": "CVE-2012-3719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3719"
    },
    {
      "name": "CVE-2012-3721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3721"
    },
    {
      "name": "CVE-2011-3607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
    },
    {
      "name": "CVE-2012-0643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0643"
    },
    {
      "name": "CVE-2012-2311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2311"
    },
    {
      "name": "CVE-2012-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0652"
    },
    {
      "name": "CVE-2012-3722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3722"
    },
    {
      "name": "CVE-2011-3368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3368"
    },
    {
      "name": "CVE-2012-0668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0668"
    },
    {
      "name": "CVE-2012-0831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0831"
    },
    {
      "name": "CVE-2011-3026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3026"
    },
    {
      "name": "CVE-2012-3718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3718"
    },
    {
      "name": "CVE-2012-1172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1172"
    },
    {
      "name": "CVE-2011-4317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
    },
    {
      "name": "CVE-2012-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3720"
    },
    {
      "name": "CVE-2011-4313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4313"
    },
    {
      "name": "CVE-2012-2386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2386"
    },
    {
      "name": "CVE-2012-3723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3723"
    },
    {
      "name": "CVE-2012-0670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0670"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    },
    {
      "name": "CVE-2012-2143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2143"
    },
    {
      "name": "CVE-2011-4599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4599"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5501 du 19 Septembre 2012 :",
      "url": "http://support.apple.com/kb/HT5501"
    }
  ],
  "reference": "CERTA-2012-AVI-512",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-09-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au moyen de\nfichiers sp\u00e9cialement con\u00e7us.\n",
  "title": "Multiples Vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 19 Septembre 2012",
      "url": null
    }
  ]
}

FKIE_CVE-2012-0021

Vulnerability from fkie_nvd - Published: 2012-01-28 04:05 - Updated: 2026-04-29 01:13

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
secalert@redhat.com	http://httpd.apache.org/security/vulnerabilities_22.html	Vendor Advisory
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
secalert@redhat.com	http://marc.info/?l=bugtraq&m=133294460209056&w=2
secalert@redhat.com	http://marc.info/?l=bugtraq&m=133494237717847&w=2
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0542.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2012-0543.html
secalert@redhat.com	http://secunia.com/advisories/48551
secalert@redhat.com	http://support.apple.com/kb/HT5501
secalert@redhat.com	http://svn.apache.org/viewvc?view=revision&revision=1227292	Patch
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2012:012
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
secalert@redhat.com	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=785065
secalert@redhat.com	https://issues.apache.org/bugzilla/show_bug.cgi?id=52256	Patch
secalert@redhat.com	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
secalert@redhat.com	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
af854a3a-2127-422b-91ae-364da2661108	http://httpd.apache.org/security/vulnerabilities_22.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=133294460209056&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=133494237717847&w=2
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0542.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2012-0543.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48551
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5501
af854a3a-2127-422b-91ae-364da2661108	http://svn.apache.org/viewvc?view=revision&revision=1227292	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:012
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=785065
af854a3a-2127-422b-91ae-364da2661108	https://issues.apache.org/bugzilla/show_bug.cgi?id=52256	Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Impacted products

Vendor	Product	Version
apache	http_server	2.2.17
apache	http_server	2.2.18
apache	http_server	2.2.19
apache	http_server	2.2.20
apache	http_server	2.2.21

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A71F4154-AD20-4EEA-9E2E-D3385C357DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0B8C9DB-401E-42B3-BAED-D09A96DE9A90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "062C20A0-05A0-4164-8330-DF6ADFE607F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D345BA35-93BB-406F-B5DC-86E49FB29C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED4892F-C829-4BEA-AB82-6A78F6F2426D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n log_cookie en mod_log_config.c en el m\u00f3dulo de mod_log_config en Apache HTTP Server v2.2.17 a v2.2.21, cuando se usa MPM multihilo , no controla correctamente una cadena de formato %{}C , lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio) a trav\u00e9s de una cookie que carece de un nombre y un valor."
    }
  ],
  "id": "CVE-2012-0021",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-01-28T04:05:00.750",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://httpd.apache.org/security/vulnerabilities_22.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48551"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.apple.com/kb/HT5501"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1227292"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785065"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=52256"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://httpd.apache.org/security/vulnerabilities_22.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48551"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT5501"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1227292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=52256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MQ76-P4CP-M2VG

Vulnerability from github – Published: 2022-05-04 00:27 – Updated: 2025-04-11 03:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-01-28T04:05:00Z",
    "severity": "LOW"
  },
  "details": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.",
  "id": "GHSA-mq76-p4cp-m2vg",
  "modified": "2025-04-11T03:54:49Z",
  "published": "2022-05-04T00:27:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0021"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=52256"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785065"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
    },
    {
      "type": "WEB",
      "url": "http://httpd.apache.org/security/vulnerabilities_22.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=133294460209056\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=133494237717847\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48551"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5501"
    },
    {
      "type": "WEB",
      "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1227292"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:012"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-0021 (GCVE-0-2012-0021)

Description

Solution

Solution

Solution

Solution

Description

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature