Description
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form Email Cross-Site Scripting (1.1.49)
WordPress Plugin Profile Extra Fields by BestWebSoft Cross-Site Scripting (1.0.7)
WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6)
JQuery Prototype Pollution Vulnerability (CVE-2019-11358)
WordPress Plugin Venture Event Manager Cross-Site Scripting (3.2.4)