Signature Detail

Short Name	HTTP:APACHE:HTTPD-MODLOG-COOKIE
Severity	High
Recommended	Yes
Recommended Action	Drop
Category	HTTP
Keywords	Apache HTTPD mod_log_config Cookie Handling Denial of Service
Release Date	2013/01/08
Update Number	2223
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apache HTTPD mod_log_config Cookie Handling Denial of Service

This signature detects attempts to exploit a known vulnerability against Apache httpd. A successful attack can result in a denial-of-service condition.

Extended Description

Apache HTTP Server is prone to a denial-of-service vulnerability. Successful exploits will result in a denial-of-service condition. The vulnerability affects Apache HTTP Server versions 2.2.17, 2.2.18, 2.219, 2.2.20, and 2.2.21.

Affected Products

Apache Software Foundation Apache 2.2.17
Apache Software Foundation Apache 2.2.18
Apache Software Foundation Apache 2.2.19
Apache Software Foundation Apache 2.2.20
Apache Software Foundation Apache 2.2.21
Gentoo Linux
HP HP-UX B.11.11
HP HP-UX B.11.23
HP HP-UX B.11.31
HP OpenView Network Node Manager 7.53 - Hp-Ux
HP OpenView Network Node Manager 7.53 - Linux
HP OpenView Network Node Manager 7.53 - Solaris
HP System Management Homepage 6.0
HP System Management Homepage 6.1
HP System Management Homepage 6.2
HP System Management Homepage 6.3
HP System Management Homepage 7.0
HP System Management Homepage 7.1
Mandriva Enterprise Server 5
Mandriva Enterprise Server 5 X86 64
Mandriva Linux Mandrake 2010.1
Mandriva Linux Mandrake 2010.1 X86 64
Mandriva Linux Mandrake 2011
Mandriva Linux Mandrake 2011 x86_64
Red Hat Fedora 15
Red Hat Fedora 16
Red Hat JBoss Enterprise Web Server for RHEL 5 Server 1.0.0
Red Hat JBoss Enterprise Web Server for RHEL 6 1.0.0
Slackware Linux 12.0
Slackware Linux 12.1
Slackware Linux 12.2
Slackware Linux 13.0
Slackware Linux 13.0 X86 64
Slackware Linux 13.1
Slackware Linux 13.1 X86 64
Slackware Linux 13.37
Slackware Linux 13.37 x86_64
Slackware Linux -Current
Slackware Linux X86 64 -Current
Ubuntu Ubuntu Linux 10.04 Amd64
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 I386
Ubuntu Ubuntu Linux 10.04 Powerpc
Ubuntu Ubuntu Linux 10.04 Sparc
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 8.04 LTS Amd64
Ubuntu Ubuntu Linux 8.04 LTS I386
Ubuntu Ubuntu Linux 8.04 LTS Lpia
Ubuntu Ubuntu Linux 8.04 LTS Powerpc
Ubuntu Ubuntu Linux 8.04 LTS Sparc

References

BugTraq: 51705
CVE: CVE-2012-0021
URL: http://httpd.apache.org/security/vulnerabilities_22.html

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Apache HTTPD mod_log_config Cookie Handling Denial of Service

Extended Description

Affected Products

References