CVE-2012-0031

Apache HTTP Server < 2.0.65 - Denial of Service via Scoreboard Shared Memory Segment

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-0031. PoCs published by halfdog.

AI-analyzed exploit summary This exploit targets a vulnerability in Apache 2.2 where a child process can modify the shared memory segment to trigger an invalid free in the parent process during shutdown, leading to a denial of service (DoS). The proof-of-concept includes code to locate and modify the shared memory segment to exploit the vulnerability.

Description

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

Exploits (1)

exploitdb WORKING POC
by halfdog · textdoslinux
https://www.exploit-db.com/exploits/41768

This exploit targets a vulnerability in Apache 2.2 where a child process can modify the shared memory segment to trigger an invalid free in the parent process during shutdown, leading to a denial of service (DoS). The proof-of-concept includes code to locate and modify the shared memory segment to exploit the vulnerability.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Apache 2.2
No auth needed
Prerequisites: Access to a child process of Apache 2.2 · Ability to modify shared memory segment
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (41)

Core 41
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=773744
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47410
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=134987041210674&w=2
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:012
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0543.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51407
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133294460209056&w=2
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0128.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0542.html
Broken Link, Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT5501
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133494237717847&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48551
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2405
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html

Scores

EPSS 0.0290
EPSS Percentile 85.1%

Details

Status published
Products (14)
apache/http_server 2.0.0 - 2.0.65
debian/debian_linux 5.0
debian/debian_linux 6.0
debian/debian_linux 7.0
opensuse/opensuse 11.4
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 6.2
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_server_aus 6.2
redhat/enterprise_linux_workstation 6.0
... and 4 more
Published Jan 18, 2012
Tracked Since Feb 18, 2026