CVE-2012-4001
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
El módulo mod_pagespeed anterior a v0.10.22.6 para Apache HTTP Server no verifica de forma adecuada su nombre de host, lo que permite a atacantes remotos provocar peticiones HTTP a cualquier hosts, a través de vectores no especificados, como lo demuestran las peticiones a los servidores de la intranet.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-07-12 CVE Reserved
- 2012-09-15 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001 | 2018-10-30 | |
| https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6 | 2018-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Mod Pagespeed Search vendor "Google" for product "Mod Pagespeed" | <= 0.10.22.4 Search vendor "Google" for product "Mod Pagespeed" and version " <= 0.10.22.4" | - |
Affected
| in | Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | * | - |
Safe
|
| Google Search vendor "Google" | Mod Pagespeed Search vendor "Google" for product "Mod Pagespeed" | 0.10.19.1 Search vendor "Google" for product "Mod Pagespeed" and version "0.10.19.1" | - |
Affected
| in | Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | * | - |
Safe
|