CVE-2012-4558

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.

References

http://httpd.apache.org/security/vulnerabilities_22.html

http://httpd.apache.org/security/vulnerabilities_24.html

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?r1=1404653&r2=1413732&diff_format=h

http://www.debian.org/security/2013/dsa-2637

http://rhn.redhat.com/errata/RHSA-2013-0815.html

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

http://support.apple.com/kb/HT5880

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html

http://www.securityfocus.com/bid/64758

http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

http://marc.info/?l=bugtraq&m=136612293908376&w=2

http://www.securityfocus.com/bid/58165

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18977

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2013-02-26

Updated: 2021-06-06

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 98902 | Apache 2.4.x < 2.4.4 Multiple XSS Vulnerabilities | Web Application Scanning | Component Vulnerability | medium |
| 84878 | Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) (credentialed check) | Nessus | Misc. | medium |
| 84877 | Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) | Nessus | Misc. | medium |
| 80584 | Oracle Solaris Third-Party Patch Update : apache (multiple_cross_site_scripting_vulnerabilities) | Nessus | Solaris Local Security Checks | medium |
| 76238 | RHEL 6 : JBoss Web Server (RHSA-2013:1012) | Nessus | Red Hat Local Security Checks | medium |
| 76237 | RHEL 5 : JBoss Web Server (RHSA-2013:1011) | Nessus | Red Hat Local Security Checks | medium |
| 74964 | openSUSE Security Update : apache2 (openSUSE-SU-2013:0629-1) | Nessus | SuSE Local Security Checks | medium |
| 72238 | JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209) | Nessus | Red Hat Local Security Checks | medium |
| 8008 | Mac OS X 10.8 < 10.8.5 Multiple Vulnerabilities (Security Update 2013-004) | Nessus Network Monitor | Web Clients | critical |
| 69883 | RHEL 6 : JBoss EAP (RHSA-2013:1208) | Nessus | Red Hat Local Security Checks | medium |
| 69882 | RHEL 5 : JBoss EAP (RHSA-2013:1207) | Nessus | Red Hat Local Security Checks | medium |
| 69878 | Mac OS X Multiple Vulnerabilities (Security Update 2013-004) | Nessus | MacOS X Local Security Checks | critical |
| 69877 | Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
| 69752 | Amazon Linux AMI : httpd24 (ALAS-2013-194) | Nessus | Amazon Linux Local Security Checks | medium |
| 69751 | Amazon Linux AMI : httpd (ALAS-2013-193) | Nessus | Amazon Linux Local Security Checks | medium |
| 69734 | Amazon Linux AMI : httpd24 (ALAS-2013-175) | Nessus | Amazon Linux Local Security Checks | medium |
| 69733 | Amazon Linux AMI : httpd (ALAS-2013-174) | Nessus | Amazon Linux Local Security Checks | medium |
| 68819 | Oracle Linux 5 / 6 : httpd (ELSA-2013-0815) | Nessus | Oracle Linux Local Security Checks | medium |
| 66441 | Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20130513) | Nessus | Scientific Linux Local Security Checks | medium |
| 66403 | RHEL 5 / 6 : httpd (RHSA-2013:0815) | Nessus | Red Hat Local Security Checks | medium |
| 66397 | CentOS 5 / 6 : httpd (CESA-2013:0815) | Nessus | CentOS Local Security Checks | medium |
| 65908 | SuSE 10 Security Update : Apache (ZYPP Patch Number 8530) | Nessus | SuSE Local Security Checks | medium |
| 65907 | SuSE 11.2 Security Update : Apache (SAT Patch Number 7570) | Nessus | SuSE Local Security Checks | medium |
| 65760 | Fedora 18 : httpd-2.4.4-2.fc18 (2013-4541) | Nessus | Fedora Local Security Checks | medium |
| 65607 | Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : apache2 vulnerabilities (USN-1765-1) | Nessus | Ubuntu Local Security Checks | medium |
| 64995 | Debian DSA-2637-1 : apache2 - several issues | Nessus | Debian Local Security Checks | medium |
| 64989 | FreeBSD : apache22 -- several vulnerabilities (9c88d8a8-8372-11e2-a010-20cf30e32f6d) | Nessus | FreeBSD Local Security Checks | medium |
| 64970 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : httpd (SSA:2013-062-01) | Nessus | Slackware Local Security Checks | medium |
| 800961 | Apache 2.4 < 2.4.4 Multiple Cross-Site Scripting Vulnerabilities | Log Correlation Engine | Web Servers | medium |
| 800118 | Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilities | Log Correlation Engine | Web Servers | medium |
| 6701 | Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilites | Nessus Network Monitor | Web Servers | low |
| 6700 | Apache 2.4.1 to 2.4.3 Multiple Cross-Site Scripting Vulnerabilites | Nessus Network Monitor | Web Servers | low |
| 64912 | Apache 2.2.x < 2.2.24 Multiple XSS Vulnerabilities | Nessus | Web Servers | medium |
| 64902 | Mandriva Linux Security Advisory : apache (MDVSA-2013:015-1) | Nessus | Mandriva Local Security Checks | medium |
| 64893 | Apache 2.4.x < 2.4.4 Multiple XSS Vulnerabilities | Nessus | Web Servers | medium |