CVE-2012-4557

MEDIUM

Description

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.

References

http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22

http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html

http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html

http://marc.info/?l=bugtraq&m=136612293908376&w=2

http://svn.apache.org/viewvc?view=revision&revision=1227298

http://www.debian.org/security/2012/dsa-2579

https://bugzilla.redhat.com/show_bug.cgi?id=871685

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18938

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19284

Details

Source: MITRE

Published: 2012-11-30

Updated: 2021-03-30

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 83578 | SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1) | Nessus | SuSE Local Security Checks | medium |
| 75181 | openSUSE Security Update : apache2 (openSUSE-SU-2013:0243-1) | Nessus | SuSE Local Security Checks | medium |
| 68750 | Oracle Linux 6 : httpd (ELSA-2013-0512) | Nessus | Oracle Linux Local Security Checks | medium |
| 65607 | Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : apache2 vulnerabilities (USN-1765-1) | Nessus | Ubuntu Local Security Checks | medium |
| 65145 | CentOS 6 : httpd (CESA-2013:0512) | Nessus | CentOS Local Security Checks | medium |
| 65023 | SuSE 11.2 Security Update : Apache (SAT Patch Number 7409) | Nessus | SuSE Local Security Checks | medium |
| 64952 | Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20130221) | Nessus | Scientific Linux Local Security Checks | medium |
| 64761 | RHEL 6 : httpd (RHSA-2013:0512) | Nessus | Red Hat Local Security Checks | medium |
| 63114 | Debian DSA-2579-1 : apache2 - Multiple issues | Nessus | Debian Local Security Checks | medium |
| 800552 | Apache 2.2 < 2.2.22 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
| 6302 | Apache 2.2 < 2.2.22 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 57791 | Apache 2.2.x < 2.2.22 Multiple Vulnerabilities | Nessus | Web Servers | medium |