4.3

CVE-2012-0053

EPSS 70.5%
Veröffentlicht 28.01.2012 04:05:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 48

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version >= 2.0.0 < 2.0.65

Apache ≫ HTTP Server Version >= 2.2.0 < 2.2.22

Debian ≫ Debian Linux Version5.0

Debian ≫ Debian Linux Version6.0

Debian ≫ Debian Linux Version7.0

Opensuse ≫ Opensuse Version11.4

Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp4

Redhat ≫ Storage Version2.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Eus Version6.2

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Jboss Enterprise Web Server Version1.0.0

Redhat ≫ Enterprise Linux Version5.0
Redhat ≫ Enterprise Linux Version6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	70.5%	0.986

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Broken Link

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Third Party Advisory

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Third Party Advisory

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

http://httpd.apache.org/security/vulnerabilities_22.html

Vendor Advisory

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E

http://marc.info/?l=bugtraq&m=133951357207000&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Broken Link

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Broken Link

Mailing List

http://support.apple.com/kb/HT5501

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0542.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0543.html

Third Party Advisory

http://kb.juniper.net/JSA10585

Third Party Advisory

http://marc.info/?l=bugtraq&m=133294460209056&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://secunia.com/advisories/48551

Not Applicable

http://www.debian.org/security/2012/dsa-2405

Third Party Advisory

http://marc.info/?l=bugtraq&m=133494237717847&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2012-0128.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html

Third Party Advisory

Mailing List

http://www.mandriva.com/security/advisories?name=MDVSA-2012:012

Broken Link

http://marc.info/?l=bugtraq&m=136441204617335&w=2

Third Party Advisory

Mailing List

Issue Tracking

http://svn.apache.org/viewvc?view=revision&revision=1235454

Patch

Vendor Advisory

http://www.securityfocus.com/bid/51706

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=785069

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2012-0053

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0053

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0053

EUVD