CVE-2012-2687

Source
https://nvd.nist.gov/vuln/detail/CVE-2012-2687
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-2687.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2012-2687
Related
Published
2012-08-22T19:55:01Z
Modified
2024-06-30T12:01:22Z
Summary
[none]
Details

Multiple cross-site scripting (XSS) vulnerabilities in the makevariantlist function in modnegotiation.c in the modnegotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

References

Affected packages

Debian:11 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.22-8

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.22-8

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.22-8

Ecosystem specific

{
    "urgency": "low"
}