cve/CVE-2012-0021.md at master

0xMarcio/cve

Fork 0

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

972 B

Raw Permalink Blame History

CVE-2012-0021

Description

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.

POC

Reference

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Github

https://github.com/8ctorres/SIND-Practicas
https://github.com/syadg123/pigat
https://github.com/teamssix/pigat

972 B Raw Permalink Blame History

CVE-2012-0021

Description

POC

Reference

Github

972 B

Raw Permalink Blame History