CVE-2012-3526 - Denial of Service vulnerability in Thomas Eibner MOD Rpaf 0.5/0.6

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary

The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.

Vulnerable Configurations

Part | Description | Count
Application | Thomas_Eibner | 2
Application | Apache | 1

Nessus

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201209-20.NASL
description: The remote host is affected by the vulnerability described in GLSA-201209-20 (mod_rpaf: Denial of Service). An error has been found in the way mod_rpaf handles X-Forwarded-For headers. Please review the CVE identifier referenced below for details. Impact: A remote attacker could send a specially crafted HTTP header, possibly resulting in a Denial of Service condition. Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 62362
published: 2012-09-28
reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/62362
title: GLSA-201209-20 : mod_rpaf: Denial of Service