CVE-2012-1181
 
Severity Score: 5.0 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
Credits: N/A
Timeline
- 2012-02-14 CVE Reserved
- 2012-03-19 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (7)
URL | Tag | Date |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2012/03/15/10 | Mailing List | |
http://www.openwall.com/lists/oss-security/2012/03/16/2 | Mailing List | |
http://www.securityfocus.com/bid/52565 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/74181 | Vdb Entry | |
https://issues.apache.org/bugzilla/show_bug.cgi?id=49902 | | 2017-08-29 |
http://www.debian.org/security/2012/dsa-2436 | | 2017-08-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Http Server | 2.3.6 | - | Safe |
Apache | Mod Fcgid | 2.3.6 | - | Affected |