E12-59d01
CVSS: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
False Positive: f
Variants: 1
Year: 2012
Description
This strike exploits a vulnerability in Apache HTTPD. When a header of over 8190 characters is sent to the server, it returns a 400 Bad Request page. If no custom error page is set, a default page containing the offending header is sent to the client. When run, the script sets malicious cookies with overly long cookie headers. When this request is compiled and sent to the server, the response discloses all cookies, including those marked HttpOnly.
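A defensive check for the behaviour described above, added here as an example and not part of the strike or of Apache HTTPD: it flags request header lines over 8190 bytes and tests whether a 400 response body reflects a cookie value from the request. The function names, the sample request and both error page bodies are constructed for illustration.

```python
LIMIT = 8190  # header length given in the description above


def header_lines(raw_request):
    """Header lines of a raw HTTP request, without the request line."""
    return raw_request.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]


def oversized_headers(raw_request, limit=LIMIT):
    """Names of header fields whose full line exceeds `limit` bytes."""
    return [line.split(b":", 1)[0].decode("latin-1").strip()
            for line in header_lines(raw_request) if len(line) > limit]


def cookie_values(raw_request):
    """Values of every cookie carried in the request's Cookie headers."""
    values = []
    for line in header_lines(raw_request):
        name, _, value = line.partition(b":")
        if name.strip().lower() != b"cookie":
            continue
        for pair in value.split(b";"):
            _, _, cookie_value = pair.strip().partition(b"=")
            if cookie_value:
                values.append(cookie_value)
    return values


def error_page_leaks(raw_request, status, body, min_len=8):
    """True if a 400 body reflects a cookie value of at least `min_len` bytes.

    Very short values are skipped to avoid matching ordinary page text.
    """
    if status != 400:
        return False
    return any(len(v) >= min_len and v in body
               for v in cookie_values(raw_request))


# Constructed sample data (not captured traffic).
SESSION = b"sid=constructed-session-value"
REQUEST = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
           b"Cookie: " + SESSION + b"; pad=" + b"A" * 8200 + b"\r\n\r\n")
DEFAULT_PAGE = b"<pre>\nCookie: " + SESSION + b"; pad=AAAA...</pre>"  # reflects the header
CUSTOM_PAGE = b"<h1>Bad Request</h1>"  # custom error page, no reflection
```

Run `error_page_leaks` against the 400 responses of a server under test to confirm that a custom error page is in place and no longer reflects request headers.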