Description
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
Remediation
References
Related Vulnerabilities
VirtueMart access control bypass
Oracle Database Server CVE-2008-0346 Vulnerability (CVE-2008-0346)
WordPress Plugin Simple Business Directory with Maps PHP Object Injection (3.6.0)
Oracle Database Server CVE-2020-2511 Vulnerability (CVE-2020-2511)
Envoy Proxy Uncontrolled Recursion Vulnerability (CVE-2022-23606)