CVE-2012-0031

MEDIUM

Description

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html

http://marc.info/?l=bugtraq&m=133294460209056&w=2

http://marc.info/?l=bugtraq&m=133494237717847&w=2

http://marc.info/?l=bugtraq&m=134987041210674&w=2

http://rhn.redhat.com/errata/RHSA-2012-0128.html

http://rhn.redhat.com/errata/RHSA-2012-0542.html

http://rhn.redhat.com/errata/RHSA-2012-0543.html

http://secunia.com/advisories/47410

http://secunia.com/advisories/48551

http://support.apple.com/kb/HT5501

http://svn.apache.org/viewvc?view=revision&revision=1230065

http://www.debian.org/security/2012/dsa-2405

http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/

http://www.mandriva.com/security/advisories?name=MDVSA-2012:012

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

http://www.securityfocus.com/bid/51407

https://bugzilla.redhat.com/show_bug.cgi?id=773744

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2012-01-18

Updated: 2021-03-30

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions up to 2.2.21 (inclusive)

Tenable Plugins

View all (33 total)

IDNameProductFamilySeverity
83578SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1)NessusSuSE Local Security Checks
medium
80582Oracle Solaris Third-Party Patch Update : apache (cve_2011_3607_buffer_overflow)NessusSolaris Local Security Checks
medium
79733F5 Networks BIG-IP : Apache HTTP server vulnerabilities (SOL15889)NessusF5 Networks Local Security Checks
medium
78923RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0542)NessusRed Hat Local Security Checks
medium
77326Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642)NessusMisc.
critical
75789openSUSE Security Update : apache2-201202 (openSUSE-SU-2012:0314-1)NessusSuSE Local Security Checks
medium
74555openSUSE Security Update : apache2 (openSUSE-2012-132)NessusSuSE Local Security Checks
medium
69653Amazon Linux AMI : httpd (ALAS-2012-46)NessusAmazon Linux Local Security Checks
medium
68914Apache 2.0.x < 2.0.65 Multiple VulnerabilitiesNessusWeb Servers
medium
68488Oracle Linux 5 : httpd (ELSA-2012-0323)NessusOracle Linux Local Security Checks
medium
68458Oracle Linux 6 : httpd (ELSA-2012-0128)NessusOracle Linux Local Security Checks
medium
6583Mac OS X 10.7 < 10.7.5 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
62214Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)NessusMacOS X Local Security Checks
critical
62213Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)NessusMacOS X Local Security Checks
critical
61261Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20120221)NessusScientific Linux Local Security Checks
medium
61245Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20120213)NessusScientific Linux Local Security Checks
medium
59851HP System Management Homepage < 7.1.1 Multiple VulnerabilitiesNessusWeb Servers
critical
59678GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
58252Fedora 15 : httpd-2.2.22-1.fc15 (2012-1642)NessusFedora Local Security Checks
medium
58166SuSE 10 Security Update : Apache2 (ZYPP Patch Number 7972)NessusSuSE Local Security Checks
medium
58085RHEL 5 : httpd (RHSA-2012:0323)NessusRed Hat Local Security Checks
medium
58050Fedora 16 : httpd-2.2.22-1.fc16 (2012-1598)NessusFedora Local Security Checks
medium
58030SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5760)NessusSuSE Local Security Checks
medium
57999Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2 vulnerabilities (USN-1368-1)NessusUbuntu Local Security Checks
medium
57960CentOS 6 : httpd (CESA-2012:0128)NessusCentOS Local Security Checks
medium
57931RHEL 6 : httpd (RHSA-2012:0128)NessusRed Hat Local Security Checks
medium
57892Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2012-041-01)NessusSlackware Local Security Checks
medium
57851Debian DSA-2405-1 : apache2 - multiple issuesNessusDebian Local Security Checks
medium
800552Apache 2.2 < 2.2.22 Multiple VulnerabilitiesLog Correlation EngineWeb Servers
high
6302Apache 2.2 < 2.2.22 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
57819Mandriva Linux Security Advisory : apache (MDVSA-2012:012)NessusMandriva Local Security Checks
medium
57791Apache 2.2.x < 2.2.22 Multiple VulnerabilitiesNessusWeb Servers
medium
57786FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)NessusFreeBSD Local Security Checks
medium