QwikSec

Security Database

CVE

CWE

Training

CVE-2012-1181

Published: Mar 19, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20120315 Re: CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost

mailing-list

x_refsource_MLIST

apache-modfcgid-dos(74181)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_DEBIAN

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://issues.apache.org/bugzilla/show_bug.cgi?id=49902

x_refsource_CONFIRM

[oss-security] 20120315 CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.