VDB
CVE-2012-1181
CVE-2012-1181
PUBLISHED
CVSS 5 MEDIUM
fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
EPSS 9.73% · 93.1th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
9.73%
93.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| apache | mod_fcgid | 2.3.6 |
Timeline
- Mar 19, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Aug 6, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Mar 21, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 1, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
References
- [oss-security] 20120315 Re: CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost mailing-list
- apache-modfcgid-dos(74181) vdb
- DSA-2436 vendor-advisory
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814 url
- 52565 vdb
- https://issues.apache.org/bugzilla/show_bug.cgi?id=49902 url
- [oss-security] 20120315 CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2012-1181 advisory