Test ID:	1.3.6.1.4.1.25623.1.0.902830
Category:	Web Servers
Title:	Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
Summary:	Check Apache httpd web server is vulnerable to Cookie Disclosure
Description:	Description: Overview: This host is running Apache HTTP Server and is prone to cookie information disclosure vulnerability. Vulnerability Insight: The flaw is due to an error within the default error response for status code 400 when no custom ErrorDocument is configured, which can be exploited to expose 'httpOnly' cookies. Impact: Successful exploitation will allow attackers to obtain sensitive information that may aid in further attacks. Impact Level: Application Affected Software/OS: Apache HTTP Server versions 2.2.0 through 2.2.21 Fix: Upgrade to Apache HTTP Server version 2.2.22 or later, For updates refer to http://httpd.apache.org/ References: http://osvdb.org/78556 http://secunia.com/advisories/47779 http://www.exploit-db.com/exploits/18442 http://rhn.redhat.com/errata/RHSA-2012-0128.html http://httpd.apache.org/security/vulnerabilities_22.html http://svn.apache.org/viewvc?view=revision&revision=1235454 http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Cross-Ref:	BugTraq ID: 51706 Common Vulnerability Exposure (CVE) ID: CVE-2012-0053 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html Debian Security Information: DSA-2405 (Google Search) http://www.debian.org/security/2012/dsa-2405 HPdes Security Advisory: HPSBMU02786 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 HPdes Security Advisory: SSRT100877 HPdes Security Advisory: HPSBST02848 http://marc.info/?l=bugtraq&m=136441204617335&w=2 HPdes Security Advisory: SSRT101112 HPdes Security Advisory: HPSBMU02776 http://marc.info/?l=bugtraq&m=133951357207000&w=2 HPdes Security Advisory: HPSBUX02761 http://marc.info/?l=bugtraq&m=133494237717847&w=2 HPdes Security Advisory: SSRT100823 HPdes Security Advisory: SSRT100852 HPdes Security Advisory: HPSBMU02748 http://marc.info/?l=bugtraq&m=133294460209056&w=2 HPdes Security Advisory: SSRT100772 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.mandriva.com/security/advisories?name=MDVSA-2012:012 RedHat Security Advisories: RHSA-2012:0128 http://rhn.redhat.com/errata/RHSA-2012-0128.html RedHat Security Advisories: RHSA-2012:0542 http://rhn.redhat.com/errata/RHSA-2012-0542.html RedHat Security Advisories: RHSA-2012:0543 http://rhn.redhat.com/errata/RHSA-2012-0543.html SuSE Security Announcement: openSUSE-SU-2012:0314 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html SuSE Security Announcement: SUSE-SU-2012:0323 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html http://www.securityfocus.com/bid/51706 http://secunia.com/advisories/48551
Copyright	Copyright (C) 2012 SecPod

This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: