CVE-2012-2687
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función make_variant_list en mod_negotiation.c en el módulo mod_negotiation en Apache HTTP Server v2.4.x anteriores a v2.4.3, cuando la opción MultiViews esta activada, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través un nombre de fichero manipulado que no es manejado de forma adecuada mientras se construye una lista de variantes.
The httpd packages contain the Apache HTTP Server, which is the namesake project of The Apache Software Foundation. An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use this flaw to conduct cross-site scripting attacks against users visiting the site. It was discovered that mod_proxy_ajp, when used in configurations with mod_proxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP CPing request was responded to by the back-end. A remote attacker able to make a back-end use an excessive amount of time to process a request could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-05-14 CVE Reserved
- 2012-08-22 CVE Published
- 2024-08-06 CVE Updated
- 2025-07-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (44)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.0 Search vendor "Apache" for product "Http Server" and version "2.2.0" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.1 Search vendor "Apache" for product "Http Server" and version "2.2.1" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.2 Search vendor "Apache" for product "Http Server" and version "2.2.2" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.3 Search vendor "Apache" for product "Http Server" and version "2.2.3" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.4 Search vendor "Apache" for product "Http Server" and version "2.2.4" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.6 Search vendor "Apache" for product "Http Server" and version "2.2.6" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.8 Search vendor "Apache" for product "Http Server" and version "2.2.8" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.9 Search vendor "Apache" for product "Http Server" and version "2.2.9" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.10 Search vendor "Apache" for product "Http Server" and version "2.2.10" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.11 Search vendor "Apache" for product "Http Server" and version "2.2.11" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.12 Search vendor "Apache" for product "Http Server" and version "2.2.12" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.13 Search vendor "Apache" for product "Http Server" and version "2.2.13" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.14 Search vendor "Apache" for product "Http Server" and version "2.2.14" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.15 Search vendor "Apache" for product "Http Server" and version "2.2.15" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.16 Search vendor "Apache" for product "Http Server" and version "2.2.16" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.17 Search vendor "Apache" for product "Http Server" and version "2.2.17" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.18 Search vendor "Apache" for product "Http Server" and version "2.2.18" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.19 Search vendor "Apache" for product "Http Server" and version "2.2.19" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.20 Search vendor "Apache" for product "Http Server" and version "2.2.20" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.21 Search vendor "Apache" for product "Http Server" and version "2.2.21" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.22 Search vendor "Apache" for product "Http Server" and version "2.2.22" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.23 Search vendor "Apache" for product "Http Server" and version "2.2.23" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.0 Search vendor "Apache" for product "Http Server" and version "2.4.0" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.1 Search vendor "Apache" for product "Http Server" and version "2.4.1" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.4.2 Search vendor "Apache" for product "Http Server" and version "2.4.2" | - |
Affected
|