CVE-2012-1181

Publication date 19 March 2012

Last updated 24 July 2024


Ubuntu priority

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.

Status

Package Ubuntu Release Status
libapache2-mod-fcgid 13.10 saucy
Fixed 1:2.3.6-1.1
13.04 raring
Fixed 1:2.3.6-1.1
12.10 quantal
Fixed 1:2.3.6-1.1
12.04 LTS precise
Fixed 1:2.3.6-1.1
11.10 oneiric
Fixed 1:2.3.6-1+squeeze1build0.11.10.1
11.04 natty
Fixed 1:2.3.6-1+squeeze1build0.11.04.1
10.10 maverick Ignored end of life
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Ignored end of life