Intrusion Prevention

Apache.httpOnly.Cookie.Disclosure

Description

This indicates an attack attempt against a HTTP Cookies Disclosure vulnerability in Apache HTTP web server.
The vulnerability is caused because the vulnerable software does not properly restrict header information during construction of Bad Request error documents. It allows a remote attacker to obtain HTTP cookies via sending a crafted web script.

Affected Products

Apache HTTP Server 2.2.x through 2.2.21

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the web site.
http://httpd.apache.org/

CVE References

CVE-2012-0053