7 matches found
CVE-2012-0883
CVE-2012-0883 affects the Apache HTTP Server up to version 2.4.2, where the envvars (envvars-std) feature places a zero-length directory name in LD_LIBRARY_PATH. This enables local users to gain privileges by exploiting a Trojan horse DSO in the current working directory during execution of apach...
CVE-2012-2687
Apache HTTP Server 2.4.x before 2.4.3 is affected by CVE-2012-2687 due to XSS in the mod_negotiation make_variant_list function (mod_negotiation.c) when MultiViews is enabled. The vulnerability arises from improper handling of crafted filenames during variant list construction, allowing remote at...
CVE-2012-0053
CVE-2012-0053 affects Apache HTTP Server 2.2.x up to 2.2.21. The flaw in protocol.c during 400 error page construction can reveal HTTPOnly cookie values via long/malformed headers with crafted scripts. Remediation per advisories: upgrade to 2.2.22 or later (e.g., httpd 2.2.22).
CVE-2012-0031
CVE-2012-0031 affects Apache HTTP Server 2.2.21 and earlier, specifically scoreboard.c. The vulnerability allows local users to cause a denial of service (daemon crash during shutdown) or potentially other unspecified impact by modifying a type field in a shared scoreboard Memory segment, which l...
CVE-2012-4557
CVE-2012-4557 affects the Apache HTTP Server, specifically the mod_proxy_ajp module in versions 2.2.12–2.2.21. The vulnerability causes a worker node to enter an error state when a long request-processing time is detected, enabling remote attackers to trigger a denial of service via an expensive ...
CVE-2012-0021
CVE-2012-0021 affects Apache HTTP Server 2.2.17–2.2.21 when using a threaded MPM. The log_cookie function mishandles a %{}C format string in cookies, enabling a remote attacker to cause a denial of service (daemon crash) by sending a cookie with no name and no value. Connected sources (F5 advisor...
CVE-2012-3502
Apache HTTP Server 2.4.x before 2.4.3 is affected by CVE-2012-3502. The vulnerability lies in the proxy components (mod_proxy_ajp.c and mod_proxy_http.c) where the server does not correctly determine when to close a back-end connection, allowing an attacker to read a response intended for a diffe...