CVE-2012-2687
Published Aug 22, 2012
Last updated a year ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Evaluator
- Comment
- Per http://httpd.apache.org/security/vulnerabilities_22.html versions 2.2.x before 2.2.23 are also vulnerable.
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67AD11FB-529C-404E-A13B-284F145322B8"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "733D62FE-180A-4AE8-9DBF-DA1DC18C1932"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34A847D1-5AD5-4EFD-B165-7602AFC1E656"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AF3A0F5-4E5C-4278-9927-1F94F25CCAFC"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB63EBE5-CF14-491E-ABA5-67116DFE3E5B"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C2A33DE-F55F-4FD8-BB00-9C1E006CA65C"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1CF6394-95D9-42AF-A442-385EFF9CEFE1"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02B629FB-88C8-4E85-A137-28770F1E524E"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03550EF0-DF89-42FE-BF0E-994514EBD947"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4886CCAB-6D4E-45C7-B177-2E8DBEA15531"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C35631AC-7C35-4F6A-A95A-3B080E5210ED"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CED2BA6-BE5E-4EF1-88EB-0DADD23D2EEF"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A71F4154-AD20-4EEA-9E2E-D3385C357DA5"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0B8C9DB-401E-42B3-BAED-D09A96DE9A90"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "062C20A0-05A0-4164-8330-DF6ADFE607F4"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D345BA35-93BB-406F-B5DC-86E49FB29C22"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7ED4892F-C829-4BEA-AB82-6A78F6F2426D"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00128AAD-E746-4DCD-8676-1381E5232220"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE0D7ABB-DE11-40D6-8AAF-C626DD7E3914"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDC40E89-2D57-4988-913E-024BFB56B367"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "046487A3-752B-4D0F-8984-96486B828EAB"
}
],
"operator": "OR"
}
]
}
]