CVE-2012-1181

2012-03-1921:55:01

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.012

Percentile

84.9%

JSON

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.

OSVersionArchitecturePackageVersionFilename
Debian12alllibapache2-mod-fcgid< 1:2.3.6-1.1libapache2-mod-fcgid_1:2.3.6-1.1_all.deb
Debian11alllibapache2-mod-fcgid< 1:2.3.6-1.1libapache2-mod-fcgid_1:2.3.6-1.1_all.deb
Debian999alllibapache2-mod-fcgid< 1:2.3.6-1.1libapache2-mod-fcgid_1:2.3.6-1.1_all.deb
Debian13alllibapache2-mod-fcgid< 1:2.3.6-1.1libapache2-mod-fcgid_1:2.3.6-1.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libapache2-mod-fcgid	< 1:2.3.6-1.1	libapache2-mod-fcgid_1:2.3.6-1.1_all.deb
Debian	11	all	libapache2-mod-fcgid	< 1:2.3.6-1.1	libapache2-mod-fcgid_1:2.3.6-1.1_all.deb
Debian	999	all	libapache2-mod-fcgid	< 1:2.3.6-1.1	libapache2-mod-fcgid_1:2.3.6-1.1_all.deb
Debian	13	all	libapache2-mod-fcgid	< 1:2.3.6-1.1	libapache2-mod-fcgid_1:2.3.6-1.1_all.deb