CVSS: 2.6EPSS: 0%CPEs: 25EXPL: 0CVE-2012-2687 – httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
https://notcve.org/view.php?id=CVE-2012-2687
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función make_variant_list en mod_negotiation.c en el módulo mod_negotiation en Apache HTTP Server v2.4.x anteriores a v2.4.3, cuando la opción MultiViews esta activada, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través un nombre de fichero manipulado que no es manejado de forma adecuada mientras se construye una lista de variantes. • http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E http://marc.info/?l=bugtraq&m=136612293908376&w=2& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2012-3502
https://notcve.org/view.php?id=CVE-2012-3502
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client. La funcionalidad proxy en (1) mod_proxy_ajp.c en el módulo mod_proxy_ajp y (2) mod_proxy_http.c en el módulo mod_proxy_http en Apache HTTP Server v2.4.x anteriores a v2.4.3 no determinad de forma adecuada las situaciones que requieren cerrar una conexión del Back-end, lo que permite a atacantes remotos obtener información sensible en circunstancias ventajosas leyendo la respuesta que fue establecida para distintos clientes. • http://httpd.apache.org/security/vulnerabilities_24.html http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E http://www.apache.org/dist/httpd/CHANGES_2.4.3 http://www.securityfocus.com/bid/55131 https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E https://lists.ap • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 0CVE-2012-0883 – httpd: insecure handling of LD_LIBRARY_PATH in envvars
https://notcve.org/view.php?id=CVE-2012-0883
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. envvars (también conocido como envvars-STD) en el servidor HTTP Apache antes de 2.4.2 establece un nombre de directorio de longitud cero en el LD_LIBRARY_PATH, que permite a usuarios locales conseguir privilegios a través de un caballo de Troya DSO en el directorio actual de trabajo durante la ejecución de apachectl. • http://article.gmane.org/gmane.comp.apache.devel/48158 http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html http://marc.info/?l=bugtraq&m=134012830914727&w=2 http://secunia.com/advisories/48849 http://support.apple.com/kb/HT5880 http://svn.apache.org/viewvc?view=revision&revision=1296428 http://www.apache.org/dist/httpd/Announcement •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2012-1181
https://notcve.org/view.php?id=CVE-2012-1181
fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit. fcgid_spawn_ctl.c en el módulo de mod_fcgid v2.3.6 para el Servidor Apache HTTP no reconoce la directiva FcgidMaxProcessesPerClass para un host virtual, lo que hace que sea más fácil para los atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una serie de peticiones HTTP que desencadena un proceso de contar superior al límite previsto. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814 http://www.debian.org/security/2012/dsa-2436 http://www.openwall.com/lists/oss-security/2012/03/15/10 http://www.openwall.com/lists/oss-security/2012/03/16/2 http://www.securityfocus.com/bid/52565 https://exchange.xforce.ibmcloud.com/vulnerabilities/74181 https://issues.apache.org/bugzilla/show_bug.cgi?id=49902 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 92%CPEs: 5EXPL: 0CVE-2012-0021 – httpd: NULL pointer dereference crash in mod_log_config
https://notcve.org/view.php?id=CVE-2012-0021
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value. La función log_cookie en mod_log_config.c en el módulo de mod_log_config en Apache HTTP Server v2.2.17 a v2.2.21, cuando se usa MPM multihilo , no controla correctamente una cadena de formato %{}C , lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una cookie que carece de un nombre y un valor. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://marc.info/?l=bugtraq&m=133294460209056&w=2 http://marc.info/?l=bugtraq&m=133494237717847&w=2 http://rhn.redhat.com/errata/RHSA-2012-0542.html http://rhn.redhat.com/errata/RHSA-2012-0543.html http://secunia.com/advisories/48551 http://support.apple.com/kb/HT550 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •