Apache HTTPD mod_log_config DoS

February 10, 2012

The Apache HTTP server is the most popular HTTP server software in use. It supports a variety of features, many implemented as compiled modules which extend the core functionality. One of the modules, the mod_log_config, provides flexible logging mechanism of client requests.

An HTTP cookie is used for an origin website to send state information to a user's browser and for the browser to return the state information to the origin site. The state information can be used for authentication, identification of a user session, or anything else that can be accomplished through storing text data on the user's computer. Cookies are sent in the HTTP Cookie header field as a series of [name]=[value] pairs separated by semicolons.

A null-pointer-dereference vulnerability exists in Apache HTTP server's mod_log_config module. A remote attacker can exploit this vulnerability by continuously sending crafted HTTP requests, which contain Cookie header that lacks both a name and a value. A successful attack could result in a denial-of-service to an Apache HTTP server running mod_log_config.

The vulnerability has been assigned as CVE-2012-0021.

SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 3432 Suspicious HTTP Cookie Header 5