#VU32827 Permissions, Privileges, and Access Controls in Apache HTTP Server - CVE-2012-0053
Vulnerability identifier: #VU32827
Vulnerability risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Apache HTTP Server
Server applications /
Web servers
Vendor: Apache Foundation
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Apache HTTP Server: 2.2.0 - 2.2.21
External links
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
https://httpd.apache.org/security/vulnerabilities_22.html
https://kb.juniper.net/JSA10585
https://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
https://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html
https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html
https://marc.info/?l=bugtraq&m=133294460209056&w=2
https://marc.info/?l=bugtraq&m=133494237717847&w=2
https://marc.info/?l=bugtraq&m=133951357207000&w=2
https://marc.info/?l=bugtraq&m=136441204617335&w=2
https://rhn.redhat.com/errata/RHSA-2012-0128.html
https://rhn.redhat.com/errata/RHSA-2012-0542.html
https://rhn.redhat.com/errata/RHSA-2012-0543.html
https://secunia.com/advisories/48551
https://support.apple.com/kb/HT5501
https://svn.apache.org/viewvc?view=revision&revision=1235454
https://www.debian.org/security/2012/dsa-2405
https://www.mandriva.com/security/advisories?name=MDVSA-2012:012
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://www.securityfocus.com/bid/51706
https://bugzilla.redhat.com/show_bug.cgi?id=785069
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
