- Description
- The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
- Source
- security@debian.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.4
- Impact score
- 6.4
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:apache2:*:squeeze6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FF9A6EA-5DFA-4457-B5C5-02D56EB51EEE",
"versionEndIncluding": "2.2.16-6"
},
{
"criteria": "cpe:2.3:a:debian:apache2:*:wheezy:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0B862837-4D47-48D9-9731-CAD69E15945F",
"versionEndIncluding": "2.2.22-1"
},
{
"criteria": "cpe:2.3:a:debian:apache2:*:sid:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D6FA2D6-B320-4E51-BBDA-54057639E6D9",
"versionEndIncluding": "2.22-3"
}
],
"operator": "OR"
}
]
}
]