Description

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.

Remediation

References

CVE-2012-1181

Related Vulnerabilities

Oracle Application Server CVE-2006-3709 Vulnerability (CVE-2006-3709)

WordPress Plugin Request a Quote Cross-Site Scripting (2.3.3)

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12718)

MySQL CVE-2013-0389 Vulnerability (CVE-2013-0389)

YetiForce CRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-1411)

Severity

Medium

Classification

CVE-2012-1181 CWE-119

Tags

Missing Update Known Vulnerabilities