CVE-2012-0053

Published: Jan 28, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

Affected (14)

Products: Apache: Http Server · Debian: Debian Linux · Opensuse: Opensuse · +2 more

Show all products

Apache: Http Server · Debian: Debian Linux · Opensuse: Opensuse · Suse: Linux Enterprise Server, Linux Enterprise Software Development Kit · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation, Storage, Jboss Enterprise Web Server

1 product

1 product

1 product

2 products

Linux Enterprise Server

Linux Enterprise Software Development Kit

Redhat

6 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

Storage

Jboss Enterprise Web Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 2.0.0 to 2.0.65
Apache Http Server	From 2.2.0 to 2.2.22

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 6.0
Debian Debian Linux	Version 7.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Suse Linux Enterprise Server	Version 10 sp4
Suse Linux Enterprise Software Development Kit	Version 10 sp4

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.2
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Storage	Version 2.0

Configuration E

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Web Server	Version 1.0.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 6.0

References (90)

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Source: secalert@redhat.com

Broken Link

http://httpd.apache.org/security/vulnerabilities_22.html

Source: secalert@redhat.com

Vendor Advisory

http://kb.juniper.net/JSA10585

Source: secalert@redhat.com

Third Party Advisory

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Source: secalert@redhat.com

Broken LinkMailing List

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=133294460209056&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=133494237717847&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=133951357207000&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=136441204617335&w=2

Source: secalert@redhat.com

Issue TrackingMailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0128.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0542.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0543.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/48551

Source: secalert@redhat.com

Not Applicable

http://support.apple.com/kb/HT5501

Source: secalert@redhat.com

Third Party Advisory

http://svn.apache.org/viewvc?view=revision&revision=1235454

Source: secalert@redhat.com

PatchVendor Advisory

http://www.debian.org/security/2012/dsa-2405

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2012:012

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Source: secalert@redhat.com

Broken Link

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Source: secalert@redhat.com

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/51706

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=785069

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041