Permissions, Privileges, and Access Controls in Apache HTTP Server

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU32827

Risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2012-0053

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Apache HTTP Server: 2.2.0 - 2.2.21

CPE2.3

• cpe:2.3:a:apache_foundation:apache_http_server:2.2.0:*:*:*:*:*:*:*
• cpe:2.3:a:apache_foundation:apache_http_server:2.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:apache_foundation:apache_http_server:2.2.3:*:*:*:*:*:*:*

External links

https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
https://httpd.apache.org/security/vulnerabilities_22.html
https://kb.juniper.net/JSA10585
https://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
https://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html
https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html
https://marc.info/?l=bugtraq&m=133294460209056&w=2
https://marc.info/?l=bugtraq&m=133494237717847&w=2
https://marc.info/?l=bugtraq&m=133951357207000&w=2
https://marc.info/?l=bugtraq&m=136441204617335&w=2
https://rhn.redhat.com/errata/RHSA-2012-0128.html
https://rhn.redhat.com/errata/RHSA-2012-0542.html
https://rhn.redhat.com/errata/RHSA-2012-0543.html
https://secunia.com/advisories/48551
https://support.apple.com/kb/HT5501
https://svn.apache.org/viewvc?view=revision&revision=1235454
https://www.debian.org/security/2012/dsa-2405
https://www.mandriva.com/security/advisories?name=MDVSA-2012:012
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://www.securityfocus.com/bid/51706
https://bugzilla.redhat.com/show_bug.cgi?id=785069
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.