CVE-2012-4557MEDIUM
Description
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
References
http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
http://marc.info/?l=bugtraq&m=136612293908376&w=2
http://svn.apache.org/viewvc?view=revision&revision=1227298
http://www.debian.org/security/2012/dsa-2579
https://bugzilla.redhat.com/show_bug.cgi?id=871685
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18938
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19284
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 83578 | SUSE SLES10 Security Update : apache2 (SUSE-SU-2013:0469-1) | Nessus | SuSE Local Security Checks | medium |
| 75181 | openSUSE Security Update : apache2 (openSUSE-SU-2013:0243-1) | Nessus | SuSE Local Security Checks | medium |
| 68750 | Oracle Linux 6 : httpd (ELSA-2013-0512) | Nessus | Oracle Linux Local Security Checks | medium |
| 65607 | Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : apache2 vulnerabilities (USN-1765-1) | Nessus | Ubuntu Local Security Checks | medium |
| 65145 | CentOS 6 : httpd (CESA-2013:0512) | Nessus | CentOS Local Security Checks | medium |
| 65023 | SuSE 11.2 Security Update : Apache (SAT Patch Number 7409) | Nessus | SuSE Local Security Checks | medium |
| 64952 | Scientific Linux Security Update : httpd on SL6.x i386/x86_64 (20130221) | Nessus | Scientific Linux Local Security Checks | medium |
| 64761 | RHEL 6 : httpd (RHSA-2013:0512) | Nessus | Red Hat Local Security Checks | medium |
| 63114 | Debian DSA-2579-1 : apache2 - Multiple issues | Nessus | Debian Local Security Checks | medium |
| 800552 | Apache 2.2 < 2.2.22 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
| 6302 | Apache 2.2 < 2.2.22 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 57791 | Apache 2.2.x < 2.2.22 Multiple Vulnerabilities | Nessus | Web Servers | medium |