
CVE-2012-0031

Published: 18/01/2012 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 465
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

scoreboard.c in the Apache HTTP Server 2.2.21 and previous versions might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

Vulnerable Products

apache http server

debian debian linux 5.0

debian debian linux 7.0

debian debian linux 6.0

opensuse opensuse 11.4

suse linux enterprise software development kit 10

suse linux enterprise server 10

redhat jboss_enterprise_web_server 1.0.0

redhat enterprise linux server aus 6.2

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat storage 2.0

redhat enterprise linux eus 6.2

Vendor Advisories

Several security issues were fixed in the Apache HTTP Server ...
Synopsis: Moderate: httpd security update. Type/Severity: Security Advisory: Moderate. Topic: Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability S ...
Synopsis: Moderate: httpd security update. Type/Severity: Security Advisory: Moderate. Topic: Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability S ...
Synopsis: Moderate: httpd security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated httpd packages that fix multiple security issues and one bug are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated th ...
It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI (CVE-2011-3639, CVE-2011-4317). The httpd server include ...

Exploits

Source: http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/

Introduction: Apache 2.2 webservers may use a shared memory segment to share child process status information (scoreboard) between the child processes and the parent process running as root. A child running with lower privileges than the parent process might tri ...
