Description

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.

Remediation

References

CVE-2012-0021

Related Vulnerabilities

WordPress Plugin Catpro Gallery Arbitrary File Upload (3.8)

Internet Information Services Other Vulnerability (CVE-2002-0224)

WordPress Plugin Membership Simplified Multiple SQL Injection Vulnerabilities (1.58)

WordPress 2.0.6 'Zend_Hash_Del_Key_Or_Index' SQL Injection Vulnerability (0.6.2 - 2.0.6)

WordPress Plugin Contact Form 7 Security Bypass (4.1)

Severity

Low

Classification

CVE-2012-0021 CWE-20

Tags

Missing Update Known Vulnerabilities