CVE-2012-1181

EPSS 9.7%

libapache2-mod-fcgid - inactive resource limits

Published: 3/19/2012Modified: 4/28/2026

Description

fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.

Affected packages (2)

Debian/libapache2-mod-fcgidfrom 0, < 1:2.3.6-1.1
Debian/libapache2-mod-fcgidfrom 0, < 1:2.3.6-1+squeeze1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-1181