Exploit the possiblities
Showing 1 - 18 of 18 RSS Feed

CVE-2012-0053

Status Candidate

Overview

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

Related Files

HP Security Bulletin HPSBMU02786 SSRT100877 2
Posted May 9, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02786 SSRT100877 2 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016
MD5 | 80f8158182e481b6569a26d38a63761b
HP Security Bulletin HPSBST02848 SSRT101112
Posted Mar 28, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02848 SSRT101112 - A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite products including HP P9000 Command View Advanced Edition Software (DevMgr), HP XP Provisioning Manager Software (ProvMgr), HP P9000 Replication Manager Software (RepMgr), and HP P9000 Tiered Storage Manager Software (TSMgr). The vulnerability could be remotely exploited resulting in a disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2012-0053
MD5 | 1f4895e28eefb6a4561426b6a571ecb9
Apple Security Advisory 2012-09-19-2
Posted Sep 22, 2012
Authored by Apple | Site apple.com

Apple Security Advisory 2012-09-19-2 - OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004 are now available and address Apache, BIND, CoreText, Data Security, and many other vulnerabilities.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2011-3026, CVE-2011-3048, CVE-2011-3368, CVE-2011-3389, CVE-2011-3607, CVE-2011-4313, CVE-2011-4317, CVE-2011-4599, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2012-0643, CVE-2012-0650, CVE-2012-0652, CVE-2012-0668, CVE-2012-0670, CVE-2012-0671, CVE-2012-0831, CVE-2012-1172, CVE-2012-1173, CVE-2012-1667, CVE-2012-1823, CVE-2012-2143, CVE-2012-2311, CVE-2012-2386, CVE-2012-2688, CVE-2012-3716, CVE-2012-3718
MD5 | 84dbb60b867b299238ac262bdf6502cf
HP Security Bulletin HPSBMU02786 SSRT100877
Posted Jun 28, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02786 SSRT100877 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, disclosure of information, data modification, Denial of Service (DoS), and execution of arbitrary code. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows
advisories | CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379, CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317, CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885, CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053, CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012, CVE-2012-2013, CVE-2012-2014, CVE-2012-2015, CVE-2012-2016
MD5 | 31d29fe7aaae474acd1185e3d5e9e226
Gentoo Linux Security Advisory 201206-25
Posted Jun 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-25 - Multiple vulnerabilities were found in Apache HTTP Server. Versions less than 2.2.22-r1 are affected.

tags | advisory, web, vulnerability
systems | linux, gentoo
advisories | CVE-2010-0408, CVE-2010-0434, CVE-2010-1452, CVE-2010-2791, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2012-0883
MD5 | 53c4b0ae9ad177ed4c64c32f4a9a2a33
HP Security Bulletin HPSBMU02776 SSRT100852
Posted Jun 12, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02776 SSRT100852 - Potential security vulnerabilities have been identified with HP Onboard Administrator (OA). The vulnerabilities could be exploited remotely resulting in unauthorized access to data, unauthorized disclosure of information, and Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2011-1473, CVE-2011-2691, CVE-2011-3192, CVE-2011-4108, CVE-2011-4576, CVE-2011-4619, CVE-2012-0050, CVE-2012-0053, CVE-2012-0884, CVE-2012-1583, CVE-2012-2110
MD5 | e586982a7e6c33e479a4d3923b9eab86
Red Hat Security Advisory 2012-0542-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0542-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | 5adb57a1ef052fd2f2be08aace868d3d
Red Hat Security Advisory 2012-0543-01
Posted May 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0543-01 - The Apache HTTP Server is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-3348, CVE-2011-3368, CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | c7c4f20e7c496949f7d60a1429af7769
HP Security Bulletin HPSBUX02761 SSRT100823
Posted Apr 21, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02761 SSRT100823 - Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to gain a local increase of privilege. Revision 1 of this advisory.

tags | advisory, denial of service, local, vulnerability
systems | hpux
advisories | CVE-2011-3607, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | e392c4442c827b3916ff50f51e822fba
HP Security Bulletin HPSBMU02748 SSRT100772
Posted Mar 29, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02748 SSRT100772 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache HTTP Server. The vulnerabilities could be exploited remotely resulting in unauthorized disclosure of information, unauthorized modification, or Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | ba1adbdc0853dbcaf1753bf00de17fcb
Red Hat Security Advisory 2012-0323-01
Posted Feb 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2011-3607, CVE-2011-3639, CVE-2012-0031, CVE-2012-0053
MD5 | 77c4cfb8bb62be5e7bd606ced059230b
Ubuntu Security Notice USN-1368-1
Posted Feb 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1368-1 - It was discovered that the Apache HTTP Server incorrectly handled the SetEnvIf .htaccess file directive. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external exposure. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | 1d078ff082d235649b6924ec90bd961f
Red Hat Security Advisory 2012-0128-01
Posted Feb 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.

tags | advisory, web, arbitrary, javascript
systems | linux, redhat
advisories | CVE-2011-3607, CVE-2011-3639, CVE-2011-4317, CVE-2012-0031, CVE-2012-0053
MD5 | ce67abb6802590c6f0b99d3695455e2c
Slackware Security Advisory - httpd Updates
Posted Feb 13, 2012
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version.

tags | advisory
systems | linux, slackware
advisories | CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | d61005b7a9566d651c56b41407ab7467
Debian Security Advisory 2405-1
Posted Feb 7, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2405-1 - Several vulnerabilities have been found in the Apache HTTPD Server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3607, CVE-2011-3368, CVE-2011-3639, CVE-2011-4317, CVE-2012-0031, CVE-2012-0053
MD5 | 5a79e4aa83dfdf8a9466052499b4f384
Mandriva Linux Security Advisory 2012-012
Posted Feb 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-012 - Multiple vulnerabilities has been found and corrected in Apache. The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a \%{}C format string, which allows remote attackers to cause a denial of service via a cookie that lacks both a name and a value. scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, local, vulnerability
systems | linux, mandriva
advisories | CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | 145fdcbbe9f6eaa1faa44e479b0dddb4
Apache 2.2.22 Multiple Updates
Posted Feb 2, 2012
Site httpd.apache.org

Apache HTTP Server version 2.2.22 has been released. It addresses a wide array of vulnerabilities ranging from denial of service to integer overflow issues.

tags | advisory, web, denial of service, overflow, vulnerability
advisories | CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | 2b97a73d1c64253306a0cda3d5cfb625
Apache protocol.c Cookie Disclosure
Posted Jan 31, 2012
Authored by pilate

Proof of concept code for a vulnerability in protocol.c from Apache versions 2.2.x through 2.2.21. The issue is that it does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies.

tags | exploit, remote, protocol, proof of concept, info disclosure
advisories | CVE-2012-0053
MD5 | 657f1bf4056ef716235936fdcd302d24
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    6 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close