View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2012-0053 severity moderate: SUSE including 94 source package names (apache2-2.2.12-1.30.1, apache2-2.2.12-1.38.2, …), 118 product×package rows across 24 product lines (SUSE Linux Enterprise High Performance Computing 12 SP5, SUSE Linux Enterprise Module for Server Applications 15, … (24 product lines)): Fixed 118.
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.