CVE-2012-4557 — Apache Http Server vulnerability

CWE-3999 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

26.0%

top 3.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedNov 30

Latest updateMay 13

Description

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server10 versions+9

Patches

Patch: httpd.apache.org ↗Patch: httpd.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-9p9q-h6h7-37g9: The mod_proxy_ajp module in the Apache HTTP Server 2↗2022-05-13

▶

CVEList

CVE-2012-4557: The mod_proxy_ajp module in the Apache HTTP Server 2↗2012-11-30

▶

OSV

CVE-2012-4557: The mod_proxy_ajp module in the Apache HTTP Server 2↗2012-11-30

▶

📋Vendor Advisories

Ubuntu

Apache HTTP Server vulnerabilities↗2013-03-18

▶

Red Hat

httpd: mod_proxy_ajp worker moved to error state when timeout exceeded↗2012-01-04

▶

Debian

CVE-2012-4557: apache2 - The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places ...↗2012

▶

Apache

Apache httpd: CVE-2012-4557↗

▶

💬Community

Bugzilla

CVE-2012-4557 httpd: mod_proxy_ajp worker moved to error state when timeout exceeded↗2012-10-31

▶