CVE-2012-3499
Published Feb 26, 2013
Last updated a year ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACBC75F8-C1AF-45AE-91BA-5670EF2D0DCD"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67AD11FB-529C-404E-A13B-284F145322B8"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "733D62FE-180A-4AE8-9DBF-DA1DC18C1932"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34A847D1-5AD5-4EFD-B165-7602AFC1E656"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AF3A0F5-4E5C-4278-9927-1F94F25CCAFC"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB63EBE5-CF14-491E-ABA5-67116DFE3E5B"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C2A33DE-F55F-4FD8-BB00-9C1E006CA65C"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1CF6394-95D9-42AF-A442-385EFF9CEFE1"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02B629FB-88C8-4E85-A137-28770F1E524E"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03550EF0-DF89-42FE-BF0E-994514EBD947"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4886CCAB-6D4E-45C7-B177-2E8DBEA15531"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C35631AC-7C35-4F6A-A95A-3B080E5210ED"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CED2BA6-BE5E-4EF1-88EB-0DADD23D2EEF"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A71F4154-AD20-4EEA-9E2E-D3385C357DA5"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0B8C9DB-401E-42B3-BAED-D09A96DE9A90"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "062C20A0-05A0-4164-8330-DF6ADFE607F4"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D345BA35-93BB-406F-B5DC-86E49FB29C22"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7ED4892F-C829-4BEA-AB82-6A78F6F2426D"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00128AAD-E746-4DCD-8676-1381E5232220"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE0D7ABB-DE11-40D6-8AAF-C626DD7E3914"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BDC40E89-2D57-4988-913E-024BFB56B367"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FCD3C8C-9BF8-4F30-981A-593EEAEB9EDD"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "046487A3-752B-4D0F-8984-96486B828EAB"
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89D2E052-51CD-4B57-A8B8-FAE51988D654"
}
],
"operator": "OR"
}
]
}
]