CVE-2012-1181
Priority
Medium
Description
fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server
does not recognize the FcgidMaxProcessesPerClass directive for a virtual
host, which makes it easier for remote attackers to cause a denial of
service (memory consumption) via a series of HTTP requests that triggers a
process count higher than the intended limit.
does not recognize the FcgidMaxProcessesPerClass directive for a virtual
host, which makes it easier for remote attackers to cause a denial of
service (memory consumption) via a series of HTTP requests that triggers a
process count higher than the intended limit.
Package
| Upstream: | released (1:2.3.6-1.1) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needed |
| Ubuntu 11.10 (Oneiric Ocelot): | released (1:2.3.6-1+squeeze1build0.11.10.1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | released (1:2.3.6-1.1) |
| Ubuntu 12.10 (Quantal Quetzal): | released (1:2.3.6-1.1) |
| Ubuntu 13.04 (Raring Ringtail): | released (1:2.3.6-1.1) |
Patches:
| Patch: | r1037727 |