Launchpad CVE tracker

CVE 2012-0021

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.

Related bugs and status

CVE-2012-0021 (Candidate) is related to these bugs:

Bug #811422: Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite

		In	Importance	Status
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Lucid)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Precise)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Oneiric)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Hardy)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Maverick)	Low	Fix Released
811422	Exploitable integer overflow on x86 in mod SetEnvIf, leading to buffer overwrite	apache2 (Ubuntu Natty)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-0021

References