CVE-2012-4001
Published Sep 15, 2012
Last updated 6 years ago
Overview
- Description
- The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-20
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:mod_pagespeed:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF09095C-2A66-4D75-A6BA-B87ED2D9E98D",
"versionEndIncluding": "0.10.22.4"
},
{
"criteria": "cpe:2.3:a:google:mod_pagespeed:0.10.19.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2385BCD8-3B1B-4954-9C46-B3AAE97EF75A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5A6CD1F4-4C0E-4989-A2B3-DC086E8E80A3"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]