Description

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

Remediation

References

CVE-2012-0053

Related Vulnerabilities

WordPress Plugin Contact Form 7 Zendesk Cross-Site Scripting (1.0.7)

WordPress Plugin FAQs Manager Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.0)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-0217)

WordPress Plugin Responsive Lightbox by dFactory Cross-Site Scripting (1.4.11)

WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.7)

Severity

Medium

Classification

CVE-2012-0053

Tags

Missing Update Known Vulnerabilities