CVE-2012-3499

MEDIUM

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.

References

http://httpd.apache.org/security/vulnerabilities_22.html

http://httpd.apache.org/security/vulnerabilities_24.html

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html

http://marc.info/?l=bugtraq&m=136612293908376&w=2

http://rhn.redhat.com/errata/RHSA-2013-0815.html

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://secunia.com/advisories/55032

http://support.apple.com/kb/HT5880

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_info.c?r1=1225799&r2=1413732&diff_format=h

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1389564&r2=1413732&diff_format=h

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap_cache_mgr.c?r1=1209766&r2=1418752&diff_format=h

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_imagemap.c?r1=1398480&r2=1413732&diff_format=h

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=1404625&r2=1413732&diff_format=h

http://www.debian.org/security/2013/dsa-2637

http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

http://www.securityfocus.com/bid/58165

http://www.securityfocus.com/bid/64758

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19312

Details

Source: MITRE

Published: 2013-02-26

Updated: 2017-09-19

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM