CVE-2012-0053

Source
https://nvd.nist.gov/vuln/detail/CVE-2012-0053
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2012-0053.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2012-0053
Related
Published
2012-01-28T04:05:00Z
Modified
2024-06-30T12:00:03Z
Summary
[none]
Details

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

References

Affected packages

Debian:11 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.22-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.22-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.22-1

Ecosystem specific

{
    "urgency": "low"
}