Release date:
Updated on:
Affected Systems:
Apache Group Apache 2.2.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51407
Cve id: CVE-2012-0031
Apache HTTP Server is an open-source Web Server of the Apache Software Foundation. It can be run in most computer operating systems. It is widely used for cross-platform and security, is one of the most popular Web server software.
Sub-processes in Apache HTTP Server can change the memory type record of the shared memory segment of scoreboard. This can be exploited to invalidate the release operation when the parent process is disabled, so that local attackers can bypass certain security restrictions.
<* Source: halfdog
Link: http://secunia.com/advisories/47410/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.apache.org