CVE-2012-3526

Publication date 5 September 2012

Last updated 24 July 2024

The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libapache2-mod-rpaf	12.04 LTS precise	Not affected
	11.10 oneiric	Fixed 0.5-3+squeeze1build0.11.10.1
	11.04 natty	Fixed 0.5-3+squeeze1build0.11.04.1
	10.04 LTS lucid	Fixed 0.5-3+squeeze1build0.10.04.1
	8.04 LTS hardy	Fixed 0.5-3+squeeze1build0.8.04.1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2012-3526