CVE-2012-0031

Description

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

How to fix CVE-2012-0031

To remediate CVE-2012-0031, upgrade the affected package to a fixed version below.

• Debian/apache2—upgrade to 2.2.22-1 or later

Is CVE-2012-0031 being exploited?

Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.2.22-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-0031