#VU32825 Input validation error in Apache HTTP Server - CVE-2012-0021

Cybersecurity Help s.r.o.

Published: 2012-01-28 | Updated: 2020-07-28

Vulnerability identifier: #VU32825

Vulnerability risk: Low

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2012-0021

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache HTTP Server
Server applications / Web servers

Vendor: Apache Foundation

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Apache HTTP Server: 2.2.17 - 2.2.21

External links
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
https://httpd.apache.org/security/vulnerabilities_22.html
https://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
https://marc.info/?l=bugtraq&m=133294460209056&w=2
https://marc.info/?l=bugtraq&m=133494237717847&w=2
https://rhn.redhat.com/errata/RHSA-2012-0542.html
https://rhn.redhat.com/errata/RHSA-2012-0543.html
https://secunia.com/advisories/48551
https://support.apple.com/kb/HT5501
https://svn.apache.org/viewvc?view=revision&revision=1227292
https://www.mandriva.com/security/advisories?name=MDVSA-2012:012
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://bugzilla.redhat.com/show_bug.cgi?id=785065
https://issues.apache.org/bugzilla/show_bug.cgi?id=52256
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in HP-UX Running Apache

Multiple vulnerabilities in HP OpenView Network Node Manager (OV NNM)

Slackware Linux update for httpd

Input validation error in apache2 (Alpine package)

Input validation error in Apache HTTP Server