Main Vulnerability Database SB2012020104

SB2012020104 - Input validation error in apache2 (Alpine package)

Published: February 1, 2012

Security Bulletin ID SB2012020104

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2012-0021)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=eb6bfe8b9093524e7eeeb50630c0dd0921880764
https://git.alpinelinux.org/aports/commit/?id=271ab41139ec89734cef1524dfc916f489708e9f
https://git.alpinelinux.org/aports/commit/?id=400a302e8bca4ad2bbef3bb38737680ef8fb53cd