Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2012-0021HistoryJan 28, 2012 - 4:05 a.m.
CVE-2012-0021
2012-01-2804:05:00
Debian Security Bug Tracker
security-tracker.debian.org
13
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.924 High
EPSS
Percentile
98.9%
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | apache2 | < 2.2.22-1 | apache2_2.2.22-1_all.deb |
| Debian | 11 | all | apache2 | < 2.2.22-1 | apache2_2.2.22-1_all.deb |
| Debian | 10 | all | apache2 | < 2.2.22-1 | apache2_2.2.22-1_all.deb |
| Debian | 999 | all | apache2 | < 2.2.22-1 | apache2_2.2.22-1_all.deb |
| Debian | 13 | all | apache2 | < 2.2.22-1 | apache2_2.2.22-1_all.deb |
Related
prion
prion
Format string
2012-01-28 04:05:00
httpd
httpd
Apache Httpd < 2.2.22 : mod_log_config crash
2011-12-30 00:00:00
ubuntucve
ubuntucve
CVE-2012-0021
2012-01-27 00:00:00
checkpoint_advisories
checkpoint_advisories
nessus
nessus
Mandriva Linux Security Advisory : apache (MDVSA-2012:012)
2012-02-03 00:00:00
cve
cve
CVE-2012-0021
2012-01-28 04:05:00
openvas
openvas
Apache HTTP Server DoS Vulnerability (Nov 2011) - Linux
2021-11-01 00:00:00
Mandriva Update for apache MDVSA-2012:012 (apache)
2012-02-03 00:00:00
Mandriva Update for apache MDVSA-2012:012 (apache)
2012-02-03 00:00:00
f5
f5
K15894 : Apache vulnerabilities CVE-2012-4557 and CVE-2012-0021
2014-12-05 00:00:00
SOL15894 - Apache vulnerabilities CVE-2012-4557 and CVE-2012-0021
2014-12-04 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2012-02-16 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: httpd-2.2.22-1.fc15
2012-03-06 19:30:50
securityvulns
securityvulns
Apache multiple security vulnerabilities
2012-02-03 00:00:00
[Announce] Apache HTTP Server 2.2.22 Released
2012-02-03 00:00:00
slackware
slackware
[slackware-security] httpd
2012-02-10 17:43:57
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.22-alt1
2012-02-02 00:00:00
freebsd
freebsd
apache -- multiple vulnerabilities
2011-10-05 00:00:00
redhat
redhat
(RHSA-2012:0543) Moderate: httpd security and bug fix update
2012-05-07 18:13:40
(RHSA-2012:0542) Moderate: httpd security and bug fix update
2012-05-07 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2012
2012-07-17 00:00:00
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.924 High
EPSS
Percentile
98.9%
Related for DEBIANCVE:CVE-2012-0021