CVE-2012-0031

Published: Jan 18, 2012Modified: Apr 29, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

Affected (15)

Products: Apache: Http Server · Debian: Debian Linux · Opensuse: Opensuse · +2 more

Show all products

Apache: Http Server · Debian: Debian Linux · Opensuse: Opensuse · Suse: Linux Enterprise Server, Linux Enterprise Software Development Kit · Redhat: Jboss Enterprise Web Server, Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation, Storage

1 product

1 product

1 product

2 products

Linux Enterprise Server

Linux Enterprise Software Development Kit

Redhat

7 products

Jboss Enterprise Web Server

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

Storage

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 2.0.0 to 2.0.65
Apache Http Server	From 2.2.0 to 2.2.22

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 6.0
Debian Debian Linux	Version 7.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Suse Linux Enterprise Server	Version 10 sp4
Suse Linux Enterprise Software Development Kit	Version 10 sp4

Configuration D

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Web Server	Version 1.0.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 6.0

Configuration E

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.2
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.2
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Storage	Version 2.0

References (82)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Source: secalert@redhat.com

Broken Link

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Source: secalert@redhat.com

Broken LinkMailing List

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=133294460209056&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=133494237717847&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=134987041210674&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0128.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0542.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0543.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/47410

Source: secalert@redhat.com

Not ApplicableVendor Advisory

http://secunia.com/advisories/48551

Source: secalert@redhat.com

Not Applicable

http://support.apple.com/kb/HT5501

Source: secalert@redhat.com

Third Party Advisory

http://svn.apache.org/viewvc?view=revision&revision=1230065

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2012/dsa-2405

Source: secalert@redhat.com

Third Party Advisory

http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/

Source: secalert@redhat.com

ExploitThird Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2012:012

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Source: secalert@redhat.com

Broken Link

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/51407

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=773744

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041