Apache HTTPD: mod_proxy_ajp remote DoS (CVE-2012-4557)
|5||(AV:N/AC:L/Au:N/C:N/I:N/A:P)||November 01, 2012||November 01, 2012||December 11, 2013|
The affected asset is vulnerable ONLY if it is running the mod_proxy_ajp module. Review your web server configuration to confirm whether the module is in use.

A flaw was found when mod_proxy_ajp connects to a backend server that takes too long to respond. Given a specific configuration, a remote attacker could send certain requests that put a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service.
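One way to do the configuration review described above is sketched below. It is an added example, not part of the original advisory or of any vendor tool. It assumes a single configuration text with no `Include` expansion, and the sample configuration is constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from any real server).
SAMPLE_CONF = """\
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
# ProxyPass /old ajp://legacy:8009/
ProxyPass /app ajp://127.0.0.1:8009/app retry=60 timeout=5
ProxyPass /static http://127.0.0.1:8080/static
<Proxy balancer://cluster>
    BalancerMember ajp://10.0.0.5:8009 route=node1
</Proxy>
"""

LOAD_RE = re.compile(r"^\s*LoadModule\s+proxy_ajp_module\b", re.I)
# ProxyPass, ProxyPassMatch or BalancerMember pointing at an ajp:// backend.
AJP_RE = re.compile(
    r"^\s*(ProxyPass(?:Match)?|BalancerMember)\b.*?\b(ajp://\S+)(.*)$", re.I)
PARAM_RE = re.compile(r"\b(retry|timeout)=(\S+)", re.I)

def audit(conf_text):
    """Return (module_loaded, backends) for one httpd configuration text.

    module_loaded is True only when a LoadModule line is present; a build
    with mod_proxy_ajp compiled in statically has no such line, so the
    list of ajp:// backends should be reviewed either way.
    """
    loaded, backends = False, []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # skip commented-out directives
            continue
        if LOAD_RE.match(line):
            loaded = True
        m = AJP_RE.match(line)
        if m:
            params = {k.lower(): v for k, v in PARAM_RE.findall(m.group(3))}
            backends.append({
                "line": lineno, "directive": m.group(1), "url": m.group(2),
                # None means the parameter is unset and the default applies.
                "retry": params.get("retry"), "timeout": params.get("timeout"),
            })
    return loaded, backends

if __name__ == "__main__":
    loaded, backends = audit(SAMPLE_CONF)
    print("mod_proxy_ajp LoadModule present:", loaded)
    for b in backends:
        print("line {line}: {directive} {url} retry={retry} timeout={timeout}".format(**b))
```

Any `ajp://` backend the script reports is a worker whose error state and retry interval matter for this issue; the fixed packages are listed in the vendor advisories on this page.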
- RHSA-2013:0512: httpd security, bug fix, and enhancement update
- USN-1765-1: Apache HTTP Server vulnerabilities
- ELSA-2013-0512 Low: Oracle Linux httpd security, bug fix, and enhancement update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- SUSE Linux Security Vulnerability: CVE-2012-4557
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- DSA-2579-1 apache2 -- Multiple issues
- HP-UX: CVE-2012-4557: Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Cross Site Scripting (XSS)
- RHSA-2011:0897: JBoss Enterprise Web Server 1.0.2 update