Back to search
CVE-2012-2687
Published: Aug 22, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SSRT101139
vendor-advisory
x_refsource_HP
50894
third-party-advisory
x_refsource_SECUNIA
55131
vdb-entry
x_refsource_BID
http://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_CONFIRM
oval:org.mitre.oval:def:19539
vdb-entry
signature
x_refsource_OVAL
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
x_refsource_CONFIRM
RHSA-2012:1594
vendor-advisory
x_refsource_REDHAT
USN-1627-1
vendor-advisory
x_refsource_UBUNTU
51607
third-party-advisory
x_refsource_SECUNIA
SE53614
vendor-advisory
x_refsource_AIXAPAR
openSUSE-SU-2013:0245
vendor-advisory
x_refsource_SUSE
APPLE-SA-2013-09-12-1
vendor-advisory
x_refsource_APPLE
[announce] 20120821 [ANNOUNCEMENT] Apache HTTP Server 2.4.3 Released
mailing-list
x_refsource_MLIST
RHSA-2012:1592
vendor-advisory
x_refsource_REDHAT
http://www.apache.org/dist/httpd/CHANGES_2.4.3
x_refsource_CONFIRM
RHSA-2013:0130
vendor-advisory
x_refsource_REDHAT
RHSA-2012:1591
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2013:0248
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:18832
vdb-entry
signature
x_refsource_OVAL
HPSBUX02866
vendor-advisory
x_refsource_HP
openSUSE-SU-2013:0243
vendor-advisory
x_refsource_SUSE
http://support.apple.com/kb/HT5880
x_refsource_CONFIRM
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [8/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [8/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now