CVE-2012-0021
published 2012-01-28CVE-2012-0021: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not…
low2.6CVSS 3.1
AVNACHAuNCNINAP
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| apache | http_server | — | — |
| debian | apache2 | < apache2 2.2.22-1 (bookworm) | apache2 2.2.22-1 (bookworm) |
CVSS provenance
nvd2.6LOWAV:N/AC:H/Au:N/C:N/I:N/A:P
osv2.6LOW