Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-0031

14 documents9 sources

Severity

4.6MEDIUM

EPSS

1.2%

top 21.12%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Http Server Debian Debian Linux Opensuse Opensuse +9 more

Timeline

PublishedJan 18

Latest updateMay 4

Description

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages10 packages

▶NVDapache/http_server2.0.0 — 2.0.65+1

▶Debianapache2< 2.2.22-1+3

▶NVDsuse/linux_enterprise_server10

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/jboss_enterprise_web_server1.0.0

Also affects: Debian Linux 5.0, 6.0, 7.0, Enterprise Linux 6.2

🔴Vulnerability Details

GHSA

GHSA-9mf5-9fjr-xvhw: scoreboard↗2022-05-04

▶

CVEList

CVE-2012-0031: scoreboard↗2012-01-18

▶

OSV

CVE-2012-0031: scoreboard↗2012-01-18

▶

💥Exploits & PoCs

Exploit-DB

Apache 2.2 - Scoreboard Invalid Free On Shutdown↗2012-01-11

▶

📋Vendor Advisories

Ubuntu

Apache HTTP Server vulnerabilities↗2012-02-16

▶

Red Hat

httpd: possible crash on shutdown due to flaw in scoreboard handling↗2012-01-11

▶

Debian

CVE-2012-0031: apache2 - scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local user...↗2012

▶

💬Community

Bugzilla

CVE-2011-3368 CVE-2012-0053 CVE-2012-0031 CVE-2012-0021 CVE-2011-3607 httpd: multiple vulnerabilities [fedora-all]↗2012-01-27

▶

Bugzilla

CVE-2012-0031 httpd: possible crash on shutdown due to flaw in scoreboard handling↗2012-01-12

▶

Bugzilla

CVE-2012-0394 struts2: remote execution of arbitrary commands when developer mode is used↗2012-01-11

▶