Home > Vulnerability Database > CVE-2012-0053

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2012-0053

Good to know:

Date: January 27, 2012

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

Language: C

Severity Score

3.7

Related Resources (50)

Url: http://httpd.apache.org/security/vulnerabilities_22.html

Url: https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

Url: http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html

Url: http://marc.info/?l=bugtraq&m=133294460209056&w=2

Url: http://www.debian.org/security/2012/dsa-2405

Url: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Url: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Url: http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html

Url: http://svn.apache.org/viewvc?view=revision&revision=1235454

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2012:012

Url: http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Url: https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

Url: http://www.securityfocus.com/bid/51706

Url: http://marc.info/?l=bugtraq&m=133494237717847&w=2

Url: https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

Url: http://marc.info/?l=bugtraq&m=136441204617335&w=2

Url: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2012-0053

Url: https://access.redhat.com/security/cve/CVE-2012-0053

Url: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Url: http://marc.info/?l=bugtraq&m=133951357207000&w=2

Url: https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-0053

Url: http://support.apple.com/kb/HT5501

Url: https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

Url: https://security-tracker.debian.org/tracker/CVE-2012-0053

Url: https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2012-0128.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=785069

Url: http://rhn.redhat.com/errata/RHSA-2012-0543.html

Url: https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E

Url: https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E

Url: http://secunia.com/advisories/48551

Url: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2012-0542.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Url: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Url: http://kb.juniper.net/JSA10585

Url: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Url: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Url: https://www.mend.io/vulnerability-database/CVE-2012-0053

Severity Score

3.7

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version 2.2.22

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us