CVE-2012-3526 — libapache2-mod-rpaf - denial of service

Description

The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.

How to fix CVE-2012-3526

To remediate CVE-2012-3526, upgrade the affected package to a fixed version below.

Debian/libapache2-mod-rpaf—upgrade to 0.6-1 or later
Debian/libapache2-mod-rpaf—upgrade to 0.5-3+squeeze1 or later

Is CVE-2012-3526 being exploited?

Moderate — EPSS is 7.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 0.6-1
from 0, < 0.5-3+squeeze1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-3526