Buffer overflow in Apache Http_server

CVE-2012-1181

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consu…

Vulnerability class: Buffer Overflow

EPSS: 0.097 (93.1th percentile) — read the EPSS interpretation.

Affected products

Apache Http_server — versions 2.3.6
Apache Mod_fcgid — versions 2.3.6
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

[oss-security] 20120315 Re: CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost (mailing-list, x_refsource_MLIST)
apache-modfcgid-dos(74181) (vdb-entry, x_refsource_XF)
DSA-2436 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM)
52565 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
[oss-security] 20120315 CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost (mailing-list, x_refsource_MLIST)