Launchpad.net

CVE 2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

Related bugs and status

CVE-2012-0053 (Candidate) is related to these bugs:

Bug #811422: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite

		In	Importance	Status
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Lucid)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Precise)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Oneiric)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Hardy)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Maverick)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Natty)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-0053

Related bugs and status

Related bugs

References