
Apache 2.2 < 2.2.23 Multiple Vulnerabilities

Medium

Synopsis

The remote web server uses a version of Apache that is affected by multiple vulnerabilities.

Description

Apache versions earlier than 2.2.23 are affected by the following vulnerabilities.

- The utility 'apachectl' can receive a zero-length directory name in the LD_LIBRARY_PATH via the 'envvars' file. A local attacker with access to that utility could exploit this to load a malicious Dynamic Shared Object (DSO), leading to arbitrary code execution. (CVE-2012-0883)

- An input validation error exists related to 'mod_negotiation', 'MultiViews' and untrusted uploads that can allow cross-site scripting attacks. (CVE-2012-2687)
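A local check for the LD_LIBRARY_PATH item above, as an added example that is not part of the original advisory or of Apache's own scripts: it evaluates an envvars-style file with the variable initially unset and flags a zero-length entry in the result. The function names, the `/opt/apache/lib` directory and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect zero-length entries in an LD_LIBRARY_PATH value.
# File contents and directory names below are constructed for illustration.

# Succeeds (0) when the colon-separated path has an empty entry: a leading
# colon, a trailing colon, or "::". The dynamic loader resolves an empty
# entry to the current working directory.
has_empty_path_entry() {
    case "$1" in
        "") return 1 ;;            # variable empty: nothing extra is searched
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prepend a library directory without leaving a dangling colon when the
# existing value is empty or unset.
prepend_lib_dir() {
    printf '%s' "$1${2:+:$2}"
}

# Print the LD_LIBRARY_PATH that results from sourcing an envvars-style file
# in a subshell where the variable starts out unset. This executes the file,
# so use it only on a file apachectl would already source.
effective_ld_path() {
    ( unset LD_LIBRARY_PATH; . "$1" >/dev/null 2>&1; printf '%s' "$LD_LIBRARY_PATH" )
}

# Succeeds (0) when the file yields an empty entry and should be corrected.
envvars_is_unsafe() {
    has_empty_path_entry "$(effective_ld_path "$1")"
}

# Demo on a constructed envvars file that appends the old value unconditionally.
demo=$(mktemp)
printf '%s\n' 'LD_LIBRARY_PATH="/opt/apache/lib:$LD_LIBRARY_PATH"' \
    'export LD_LIBRARY_PATH' > "$demo"
if envvars_is_unsafe "$demo"; then
    echo "zero-length entry: '$(effective_ld_path "$demo")'"
    echo "safe form: '$(prepend_lib_dir /opt/apache/lib "")'"
fi
rm -f "$demo"
```

Run it against the installed 'envvars' file from an unprivileged account; a flagged file indicates the assignment should append the previous value only when it is non-empty, as `prepend_lib_dir` does.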

Solution

Upgrade to Apache version 2.2.23 or later.