CVE-2012-4557

Apache HTTP Server 2.2.12-2.2.21 - Denial of Service via mod_proxy_ajp Worker Consumption

Title source: llm
STIX 2.1

Description

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.

References (23)

Core 23
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18938
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19284
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136612293908376&w=2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2579
Patch, Vendor Advisory x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=871685
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html

Scores

EPSS 0.1747
EPSS Percentile 96.8%

Details

CWE
CWE-399
Status published
Products (10)
apache/http_server 2.2.12
apache/http_server 2.2.13
apache/http_server 2.2.14
apache/http_server 2.2.15
apache/http_server 2.2.16
apache/http_server 2.2.17
apache/http_server 2.2.18
apache/http_server 2.2.19
apache/http_server 2.2.20
apache/http_server 2.2.21
Published Nov 30, 2012
Tracked Since Feb 18, 2026