{"id":"DEBIAN-CVE-2012-3526","details":"The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.","modified":"2026-04-28T20:07:57.832941Z","published":"2012-09-05T23:55:01.803Z","upstream":["CVE-2012-3526"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2012-3526"}],"affected":[{"package":{"name":"libapache2-mod-rpaf","ecosystem":"Debian:11","purl":"pkg:deb/debian/libapache2-mod-rpaf?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3526.json"}},{"package":{"name":"libapache2-mod-rpaf","ecosystem":"Debian:12","purl":"pkg:deb/debian/libapache2-mod-rpaf?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3526.json"}},{"package":{"name":"libapache2-mod-rpaf","ecosystem":"Debian:13","purl":"pkg:deb/debian/libapache2-mod-rpaf?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3526.json"}},{"package":{"name":"libapache2-mod-rpaf","ecosystem":"Debian:14","purl":"pkg:deb/debian/libapache2-mod-rpaf?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3526.json"}}],"schema_version":"1.7.5"}