CVE-2012-4557

Published: 30 November 2012

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.

Priority

Status

Package	Release	Status
apache2 Launchpad, Ubuntu, Debian	upstream	Released (2.2.22-1)
	hardy	Released (2.2.8-1ubuntu0.25)
	lucid	Released (2.2.14-5ubuntu8.11)
	oneiric	Released (2.2.20-1ubuntu1.4)
	precise	Not vulnerable (2.2.22-1ubuntu1)
	quantal	Not vulnerable
	Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1227298 vendor: http://www.debian.org/security/2012/dsa-2579

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4557
http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22
https://ubuntu.com/security/notices/USN-1765-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=871685

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›