Description

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

Remediation

References

CVE-2012-0053

Related Vulnerabilities

WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Cross-Site Scripting (2.9.8)

WordPress Plugin WordPress Appointment Schedule Booking System Cross-Site Scripting (1.0)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Open Redirect (2.3.1)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-6889)

WordPress Plugin WordPress Book List Arbitrary File Upload (5.0.11)

Severity

Medium

Classification

CVE-2012-0053

Tags

Missing Update Known Vulnerabilities