CVE-2012-0053

MEDIUM

Description

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://httpd.apache.org/security/vulnerabilities_22.html

http://kb.juniper.net/JSA10585

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html

http://marc.info/?l=bugtraq&m=133294460209056&w=2

http://marc.info/?l=bugtraq&m=133494237717847&w=2

http://marc.info/?l=bugtraq&m=133951357207000&w=2

http://marc.info/?l=bugtraq&m=136441204617335&w=2

http://rhn.redhat.com/errata/RHSA-2012-0128.html

http://rhn.redhat.com/errata/RHSA-2012-0542.html

http://rhn.redhat.com/errata/RHSA-2012-0543.html

http://secunia.com/advisories/48551

http://support.apple.com/kb/HT5501

http://svn.apache.org/viewvc?view=revision&revision=1235454

http://www.debian.org/security/2012/dsa-2405

http://www.mandriva.com/security/advisories?name=MDVSA-2012:012

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

http://www.securityfocus.com/bid/51706

https://bugzilla.redhat.com/show_bug.cgi?id=785069

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2012-01-28

Updated: 2021-03-30

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*

Tenable Plugins

View all (36 total)

IDNameProductFamilySeverity
83578SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1)NessusSuSE Local Security Checks
medium
80582Oracle Solaris Third-Party Patch Update : apache (cve_2011_3607_buffer_overflow)NessusSolaris Local Security Checks
medium
80192Juniper Junos Space 11.1x < 13.1R1.6 Multiple Vulnerabilities (JSA10585)NessusJunos Local Security Checks
medium
79733F5 Networks BIG-IP : Apache HTTP server vulnerabilities (SOL15889)NessusF5 Networks Local Security Checks
medium
78923RHEL 5 / 6 : JBoss Web Server (RHSA-2012:0542)NessusRed Hat Local Security Checks
medium
78168F5 Networks BIG-IP : Apache vulnerability (SOL15273)NessusF5 Networks Local Security Checks
medium
77326Juniper NSM < 2012.2R9 Multiple Java and Apache Vulnerabilities (JSA10642)NessusMisc.
critical
75789openSUSE Security Update : apache2-201202 (openSUSE-SU-2012:0314-1)NessusSuSE Local Security Checks
medium
74555openSUSE Security Update : apache2 (openSUSE-2012-132)NessusSuSE Local Security Checks
medium
69653Amazon Linux AMI : httpd (ALAS-2012-46)NessusAmazon Linux Local Security Checks
medium
68914Apache 2.0.x < 2.0.65 Multiple VulnerabilitiesNessusWeb Servers
medium
68488Oracle Linux 5 : httpd (ELSA-2012-0323)NessusOracle Linux Local Security Checks
medium
68458Oracle Linux 6 : httpd (ELSA-2012-0128)NessusOracle Linux Local Security Checks
medium
6583Mac OS X 10.7 < 10.7.5 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
62214Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)NessusMacOS X Local Security Checks
critical
62213Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)NessusMacOS X Local Security Checks
critical
61261Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20120221)NessusScientific Linux Local Security Checks
medium
61245Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20120213)NessusScientific Linux Local Security Checks
medium
59851HP System Management Homepage < 7.1.1 Multiple VulnerabilitiesNessusWeb Servers
critical
59678GLSA-201206-25 : Apache HTTP Server: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
58252Fedora 15 : httpd-2.2.22-1.fc15 (2012-1642)NessusFedora Local Security Checks
medium
58166SuSE 10 Security Update : Apache2 (ZYPP Patch Number 7972)NessusSuSE Local Security Checks
medium
58085RHEL 5 : httpd (RHSA-2012:0323)NessusRed Hat Local Security Checks
medium
58050Fedora 16 : httpd-2.2.22-1.fc16 (2012-1598)NessusFedora Local Security Checks
medium
58030SuSE 11.1 Security Update : Apache2 (SAT Patch Number 5760)NessusSuSE Local Security Checks
medium
57999Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2 vulnerabilities (USN-1368-1)NessusUbuntu Local Security Checks
medium
57960CentOS 6 : httpd (CESA-2012:0128)NessusCentOS Local Security Checks
medium
57931RHEL 6 : httpd (RHSA-2012:0128)NessusRed Hat Local Security Checks
medium
57892Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2012-041-01)NessusSlackware Local Security Checks
medium
57851Debian DSA-2405-1 : apache2 - multiple issuesNessusDebian Local Security Checks
medium
800552Apache 2.2 < 2.2.22 Multiple VulnerabilitiesLog Correlation EngineWeb Servers
high
6302Apache 2.2 < 2.2.22 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
57819Mandriva Linux Security Advisory : apache (MDVSA-2012:012)NessusMandriva Local Security Checks
medium
57792Apache HTTP Server httpOnly Cookie Information DisclosureNessusWeb Servers
medium
57791Apache 2.2.x < 2.2.22 Multiple VulnerabilitiesNessusWeb Servers
medium
57786FreeBSD : apache -- multiple vulnerabilities (4b7dbfab-4c6b-11e1-bc16-0023ae8e59f0)NessusFreeBSD Local Security Checks
medium