Apache security vulnerabilities
SecurityVulns ID:12601
Threat Level:
Description:mod_negotiation cross-site scripting, local shared library privilege escalation
Affected:APACHE : Apache 2.4
CVE:CVE-2012-2687 (Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.)
 CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.)
Original document:MANDRIVA, [ MDVSA-2012:154 ] apache (01.10.2012)

