Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache HTTP Server CVE-2012-0053 Vulnerability (CVE-2012-0053)

Description

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

Remediation

References

Related Vulnerabilities

SharePoint CVE-2021-31173 Vulnerability (CVE-2021-31173)

WordPress Plugin BuddyPress Docs Security Bypass (1.9.2)

Oracle Database Server CVE-2016-5555 Vulnerability (CVE-2016-5555)

Oracle JRE CVE-2020-14796 Vulnerability (CVE-2020-14796)

Oracle Database Server CVE-2019-2571 Vulnerability (CVE-2019-2571)

Severity

Medium

Classification

CVE-2012-0053

Tags

Missing Update Known Vulnerabilities