CVE-2012-0053

MEDIUM

Description

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://httpd.apache.org/security/vulnerabilities_22.html

http://kb.juniper.net/JSA10585

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html

http://marc.info/?l=bugtraq&m=133294460209056&w=2

http://marc.info/?l=bugtraq&m=133494237717847&w=2

http://marc.info/?l=bugtraq&m=133951357207000&w=2

http://marc.info/?l=bugtraq&m=136441204617335&w=2

http://rhn.redhat.com/errata/RHSA-2012-0128.html

http://rhn.redhat.com/errata/RHSA-2012-0542.html

http://rhn.redhat.com/errata/RHSA-2012-0543.html

http://secunia.com/advisories/48551

http://support.apple.com/kb/HT5501

http://svn.apache.org/viewvc?view=revision&revision=1235454

http://www.debian.org/security/2012/dsa-2405

http://www.mandriva.com/security/advisories?name=MDVSA-2012:012

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

http://www.securityfocus.com/bid/51706

https://bugzilla.redhat.com/show_bug.cgi?id=785069

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2012-01-28

Updated: 2018-01-18

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM