Lucene search

K
httpdApache Team FoundationHTTPD:B90E2A3B47C473DD04F25ECBDA96D6CE
HistoryJan 15, 2012 - 12:00 a.m.

Apache Httpd < 2.2.22 : error responses can expose cookies

2012-01-1500:00:00
Apache Team Foundation
httpd.apache.org
24

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.717

Percentile

98.1%

A flaw was found in the default error response for status code 400. This flaw could be used by an attacker to expose “httpOnly” cookies when no custom ErrorDocument is specified.

Affected configurations

Vulners
Node
apacheapache_httpdMatch2.2.21
OR
apacheapache_httpdMatch2.2.20
OR
apacheapache_httpdMatch2.2.19
OR
apacheapache_httpdMatch2.2.18
OR
apacheapache_httpdMatch2.2.17
OR
apacheapache_httpdMatch2.2.16
OR
apacheapache_httpdMatch2.2.15
OR
apacheapache_httpdMatch2.2.14
OR
apacheapache_httpdMatch2.2.13
OR
apacheapache_httpdMatch2.2.12
OR
apacheapache_httpdMatch2.2.11
OR
apacheapache_httpdMatch2.2.10
OR
apacheapache_httpdMatch2.2.9
OR
apacheapache_httpdMatch2.2.8
OR
apacheapache_httpdMatch2.2.6
OR
apacheapache_httpdMatch2.2.5
OR
apacheapache_httpdMatch2.2.4
OR
apacheapache_httpdMatch2.2.3
OR
apacheapache_httpdMatch2.2.2
OR
apacheapache_httpdMatch2.2.0

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.717

Percentile

98.1%