Vulnerability Name:

CVE-2012-4557 (CCN-80027)

Assigned:2012-01-04
Published:2012-01-04
Updated:2021-06-06
Summary:The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2012-4557

Source: CONFIRM
Type: Patch, Vendor Advisory
http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0243

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0248

Source: HP
Type: UNKNOWN
SSRT101139

Source: CCN
Type: RHSA-2013-0512
Low: httpd security, bug fix, and enhancement update

Source: CCN
Type: SA51200
Xen Multiple Denial of Service Vulnerabilities

Source: CCN
Type: SA51214
Citrix XenServer Multiple Denial of Service Vulnerabilities

Source: CCN
Type: CTX135458
Citrix XenServer Multiple Security Updates

Source: CONFIRM
Type: Exploit
http://svn.apache.org/viewvc?view=revision&revision=1227298

Source: DEBIAN
Type: UNKNOWN
DSA-2579

Source: DEBIAN
Type: DSA-2579
apache2 -- Multiple issues

Source: CCN
Type: BID-56498
Xen Multiple Denial of Service Vulnerabilities

Source: CCN
Type: BID-56753
Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=871685

Source: XF
Type: UNKNOWN
xen-xennemaddtophysmap-dos(80027)

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1888194 [8/13] - /httpd/site/trunk/content/security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [9/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:18938

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:19284

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:2.2.18:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.19:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.20:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.21:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.14:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.15:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.16:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.17:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:xensource:xen:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:xensource:xen:4.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:citrix:xenserver:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xenserver:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/a:citrix:xenserver:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xenserver:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:citrix:xenserver:6.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20124557
    V
    CVE-2012-4557
    2022-05-20
    oval:org.opensuse.security:def:42270
    P
    Security update for permissions (Moderate)
    2022-01-20
    oval:org.opensuse.security:def:31330
    P
    Security update for xorg-x11-server (Important)
    2021-12-14
    oval:org.opensuse.security:def:33045
    P
    Security update for postgresql96 (Important)
    2021-11-22
    oval:org.opensuse.security:def:32214
    P
    Security update for pcre (Moderate)
    2021-11-10
    oval:org.opensuse.security:def:31697
    P
    Security update for opensc (Important)
    2021-10-29
    oval:org.opensuse.security:def:26145
    P
    Security update for the Linux Kernel (Important)
    2021-10-12
    oval:org.opensuse.security:def:26131
    P
    Security update for xen (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:33006
    P
    Security update for openssl (Low)
    2021-09-20
    oval:org.opensuse.security:def:26123
    P
    Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:32158
    P
    Security update for dbus-1 (Important)
    2021-08-02
    oval:org.opensuse.security:def:32150
    P
    Security update for the Linux Kernel (Important)
    2021-07-22
    oval:org.opensuse.security:def:26092
    P
    Security update for the Linux Kernel (Important)
    2021-07-20
    oval:org.opensuse.security:def:31640
    P
    Security update for java-1_8_0-openjdk (Moderate)
    2021-06-15
    oval:org.opensuse.security:def:42489
    P
    apache2-2.2.12-1.51.52.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36082
    P
    apache2-2.2.12-1.51.52.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:31634
    P
    Security update for qemu (Important)
    2021-06-08
    oval:org.opensuse.security:def:36370
    P
    apache2-2.2.12-1.51.52.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:32106
    P
    Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:26057
    P
    Security update for libX11 (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:26043
    P
    Security update for bind (Important)
    2021-05-04
    oval:org.opensuse.security:def:32084
    P
    Security update for gdm (Important)
    2021-04-28
    oval:org.opensuse.security:def:26208
    P
    Security update for git (Important)
    2021-03-09
    oval:org.opensuse.security:def:26204
    P
    Security update for freeradius-server (Low)
    2021-03-04
    oval:org.opensuse.security:def:32263
    P
    Security update for java-1_8_0-ibm (Important)
    2021-02-26
    oval:org.opensuse.security:def:31342
    P
    Security update for screen (Important)
    2021-02-17
    oval:org.opensuse.security:def:26189
    P
    Security update for subversion (Important)
    2021-02-10
    oval:org.opensuse.security:def:31331
    P
    Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:25973
    P
    Security update for the Linux Kernel (Important)
    2020-12-09
    oval:org.opensuse.security:def:31560
    P
    Security update for python-cryptography (Moderate)
    2020-12-04
    oval:org.opensuse.security:def:32002
    P
    Security update for gdm (Important)
    2020-12-03
    oval:org.opensuse.security:def:35863
    P
    apache2-2.2.12-1.38.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:31549
    P
    Security update for screen (Low)
    2020-12-01
    oval:org.opensuse.security:def:26496
    P
    Security update for tmux (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26862
    P
    apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25919
    P
    Security update for libplist (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25839
    P
    Security update for gimp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26363
    P
    Security update for libgit2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25617
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:26549
    P
    ft2demos on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25632
    P
    Security update for aspell (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27333
    P
    xorg-x11-libXrender-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26261
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25698
    P
    Security update for dpdk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25995
    P
    Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26310
    P
    Security update for Cloud Compute 12 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25425
    P
    Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:31940
    P
    Recommended update for glibc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27080
    P
    apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32368
    P
    Security update for tar (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31858
    P
    Security update for cups (Important)
    2020-12-01
    oval:org.opensuse.security:def:26651
    P
    xen on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25835
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31996
    P
    Security update for java-1_7_1-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25920
    P
    Security update for gstreamer-plugins-base (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25990
    P
    Security update for libvpx (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32788
    P
    star on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25413
    P
    Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26407
    P
    Security update for libmad (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25916
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:32302
    P
    Security update for python (Important)
    2020-12-01
    oval:org.opensuse.security:def:31416
    P
    Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26598
    P
    libpulse-browse0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25643
    P
    Security update for hunspell (Low)
    2020-12-01
    oval:org.opensuse.security:def:27368
    P
    apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31548
    P
    Security update for sblim-sfcb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26345
    P
    Security update for libgit2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26827
    P
    sysstat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25755
    P
    Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26349
    P
    Security update for redis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25489
    P
    Security update for pam_radius (Important)
    2020-12-01
    oval:org.opensuse.security:def:25631
    P
    Security update for tar (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31915
    P
    Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26695
    P
    fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32045
    P
    Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25931
    P
    Security update for libcares2 (Low)
    2020-12-01
    oval:org.opensuse.security:def:32827
    P
    apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25414
    P
    Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:31784
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:27045
    P
    tgt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32324
    P
    Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:31766
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26637
    P
    ruby on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25707
    P
    Security update for java-1_7_1-ibm (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:18938
    V
    HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
    2015-04-20
    oval:org.mitre.oval:def:19284
    V
    HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Cross Site Scripting (XSS)
    2015-04-20
    oval:org.mitre.oval:def:25484
    P
    SUSE-SU-2013:0830-1 -- Security update for Apache
    2014-09-08
    oval:org.mitre.oval:def:25561
    P
    SUSE-SU-2013:0389-1 -- Security update for Apache
    2014-09-08
    oval:org.mitre.oval:def:26047
    P
    SUSE-SU-2013:0469-1 -- Security update for apache2
    2014-09-08
    oval:org.mitre.oval:def:18061
    P
    USN-1765-1 -- apache2 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:18468
    P
    DSA-2579-1 apache2 - several
    2014-06-23
    oval:org.mitre.oval:def:23943
    P
    ELSA-2013:0512: httpd security, bug fix, and enhancement update (Low)
    2014-05-26
    oval:org.mitre.oval:def:21066
    P
    RHSA-2013:0512: httpd security, bug fix, and enhancement update (Low)
    2014-02-17
    oval:com.redhat.rhsa:def:20130512
    P
    RHSA-2013:0512: httpd security, bug fix, and enhancement update (Low)
    2013-02-21
    oval:com.ubuntu.precise:def:20124557000
    V
    CVE-2012-4557 on Ubuntu 12.04 LTS (precise) - low.
    2012-11-30
    BACK
    apache http server 2.2.18
    apache http server 2.2.19
    apache http server 2.2.12
    apache http server 2.2.13
    apache http server 2.2.20
    apache http server 2.2.21
    apache http server 2.2.14
    apache http server 2.2.15
    apache http server 2.2.16
    apache http server 2.2.17
    xensource xen 3.0
    xensource xen 4.1
    citrix xenserver 5.5
    citrix xenserver 5.0
    redhat enterprise linux 6
    redhat enterprise linux 6
    citrix xenserver 5.6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6
    citrix xenserver 6.0
    citrix xenserver 6.1