Vulnerability Description
The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | HTTP Server | 2.2.12 |
Related Weaknesses (CWE)
References
- http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22 (Patch, Vendor Advisory)
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
- http://marc.info/?l=bugtraq&m=136612293908376&w=2
- http://svn.apache.org/viewvc?view=revision&revision=1227298 (Exploit)
- http://www.debian.org/security/2012/dsa-2579
- https://bugzilla.redhat.com/show_bug.cgi?id=871685
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f74
- https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e
- https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76f
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d65
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb
- https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905
- https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b
FAQ
What is CVE-2012-4557?
CVE-2012-4557 is a vulnerability with a CVSS score of 5.0 (MEDIUM).
How severe is CVE-2012-4557?
CVE-2012-4557 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4557?
Check the references section above for vendor advisories and patch information. Affected products include: Apache HTTP Server.