Check Point Advisories

Apache HTTPD mod_log_config Cookie Handling Denial of Service - High Confidence (CVE-2012-0021)

Check Point Reference: CPAI-2013-1603
Date Published: 23 Apr 2013
Severity: High
Last Updated: Tuesday 01 January, 2013
Source: CVE-2012-0021
Protection Provided by:
Who is Vulnerable? Apache Software Foundation HTTP Server 2.2.21 and prior
Vulnerability Description A denial of service vulnerability has been reported in Apache HTTPD server. The vulnerability is due to a NULL pointer dereference error while logging crafted HTTP requests by mod_log_config. A remote attacker can exploit this issue by continuously sending HTTP requests containing specially crafted Cookie headers to the target server. Successful exploitation could cause the server to crash, resulting in a complete denial of service condition.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK