CVE-2012-0021

Apache HTTP Server 2.2.17-2.2.21 - Denial of Service via Malformed Cookie in mod_log_config

Title source: llm
STIX 2.1

Description

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.

References (28)

Core 28
Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0543.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0542.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:012
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133294460209056&w=2
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=785065
Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_22.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133494237717847&w=2
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5501
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48551

Scores

EPSS 0.3081
EPSS Percentile 98.0%

Details

CWE
CWE-20
Status published
Products (5)
apache/http_server 2.2.17
apache/http_server 2.2.18
apache/http_server 2.2.19
apache/http_server 2.2.20
apache/http_server 2.2.21
Published Jan 28, 2012
Tracked Since Feb 18, 2026