CVE-2012-1181

CWE-119 — Buffer Overflow8 documents6 sources

Severity

5.0MEDIUM

EPSS

9.7%

top 7.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache MOD Fcgid

Timeline

PublishedMar 19

Latest updateMay 17

Description

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianlibapache2-mod-fcgid< 1:2.3.6-1.1+3

▶NVDapache/mod_fcgid2.3.6

Patches

Patch: issues.apache.org ↗Patch: issues.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-jp83-4w56-5w6x: fcgid_spawn_ctl↗2022-05-17

▶

OSV

CVE-2012-1181: fcgid_spawn_ctl↗2012-03-19

▶

CVEList

CVE-2012-1181: fcgid_spawn_ctl↗2012-03-19

▶

📋Vendor Advisories

Debian

CVE-2012-1181: libapache2-mod-fcgid - fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does ...↗2012

▶

💬Community

Bugzilla

CVE-2012-1181 mod_fcgid 2.3.6 does not respect configured FcgidMaxProcessesPerClass in VirtualHost [epel-all]↗2012-03-16

▶

Bugzilla

CVE-2012-1181 mod_fcgid 2.3.6 does not respect configured FcgidMaxProcessesPerClass in VirtualHost [fedora-all]↗2012-03-16

▶

Bugzilla

CVE-2012-1181 mod_fcgid 2.3.6 does not respect configured FcgidMaxProcessesPerClass in VirtualHost↗2012-03-16

▶