SB2012041805 - Multiple vulnerabilities in HP-UX Running Apache




Published: April 18, 2012 Updated: April 28, 2023

Security Bulletin ID SB2012041805
Severity Medium
Patch available YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2011-3607)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error caused by an integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled. A remote attacker can use a .htaccess file with a crafted SetEnvIf directive to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Input validation error (CVE-ID: CVE-2012-0021)

The vulnerability allows a remote non-authenticated attacker to cause a denial of service.

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.


3) Resource management error (CVE-ID: CVE-2012-0031)

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.


4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-0053)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
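
The following triage sketch is an added example, not part of the original bulletin or any vendor tooling. It checks a host's Apache version, loaded modules, MPM and logging configuration against the affected ranges and preconditions listed above. It assumes the banner carries the upstream Apache version number (vendor bundles may number or backport differently), that `worker` and `event` are the threaded MPMs, and that "%{}C" refers to any `%{name}C` cookie item; the function names and sample configuration are constructed for illustration.

```python
import re

# Affected upstream Apache HTTP Server ranges (inclusive), as stated in the bulletin.
AFFECTED = {
    "CVE-2011-3607": [((2, 0, 0), (2, 0, 64)), ((2, 2, 0), (2, 2, 21))],
    "CVE-2012-0021": [((2, 2, 17), (2, 2, 21))],
    "CVE-2012-0031": [((0, 0, 0), (2, 2, 21))],   # "2.2.21 and earlier"
    "CVE-2012-0053": [((2, 2, 0), (2, 2, 21))],
}
THREADED_MPMS = {"worker", "event"}  # assumption: MPM names treated as threaded
# Assumption: "%{}C" in the bulletin means any %{name}C cookie item in a log format.
COOKIE_LOG = re.compile(r"^\s*(?:LogFormat|CustomLog)\b.*%\{[^}]*\}C", re.I | re.M)

def parse_version(banner):
    """Extract (major, minor, patch) from text such as `httpd -v` output."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Apache version found in: %r" % banner)
    return tuple(int(x) for x in m.groups())

def triage(banner, modules, mpm, config_text):
    """Map each CVE whose version range matches to 'applicable' or 'version only'."""
    ver = parse_version(banner)
    preconditions = {
        "CVE-2011-3607": "setenvif_module" in modules,
        "CVE-2012-0021": mpm.lower() in THREADED_MPMS
                         and bool(COOKIE_LOG.search(config_text)),
    }
    result = {}
    for cve, ranges in AFFECTED.items():
        if any(lo <= ver <= hi for lo, hi in ranges):
            met = preconditions.get(cve, True)  # no precondition listed: always met
            result[cve] = "applicable" if met else "version only"
    return result

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = r'''
LogFormat "%h %l %u %t \"%r\" %>s %b %{session}C" cookie_log
CustomLog logs/access_log cookie_log
'''

if __name__ == "__main__":
    for cve, status in triage("Server version: Apache/2.2.21 (Unix)",
                              {"setenvif_module"}, "worker", SAMPLE_CONF).items():
        print(cve, status)
```

A result of "version only" means the version falls in the affected range but the precondition named in the bulletin was not observed in the supplied inputs; such hosts still need the vendor update.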


Remediation

Install the update from the vendor's website.