危険度:
  CVE識別番号: CVE-2012-0053
  情報公開日: 7 21, 2015

  概要

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

  トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1005436
  Trend Micro Deep Security DPI Rule Name: 1000131 - HTTP Header Length Restriction

  影響を受けるソフトウェア

  • apache http_server 2.2
  • apache http_server 2.2.0
  • apache http_server 2.2.1
  • apache http_server 2.2.10
  • apache http_server 2.2.11
  • apache http_server 2.2.12
  • apache http_server 2.2.13
  • apache http_server 2.2.14
  • apache http_server 2.2.15
  • apache http_server 2.2.16
  • apache http_server 2.2.17
  • apache http_server 2.2.18
  • apache http_server 2.2.19
  • apache http_server 2.2.2
  • apache http_server 2.2.20
  • apache http_server 2.2.21
  • apache http_server 2.2.3
  • apache http_server 2.2.4
  • apache http_server 2.2.6
  • apache http_server 2.2.8
  • apache http_server 2.2.9