Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-2687

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

See the

CVE page on Mitre.org for more details.

References

MLIST: [announce] 20120821 [A...
CONFIRM: http://httpd.apache.or...
CONFIRM: http://www.apache.org/...
UBUNTU: USN-1627-1
REDHAT: RHSA-2012:1591
REDHAT: RHSA-2012:1592
REDHAT: RHSA-2012:1594
SECUNIA: 51607
REDHAT: RHSA-2013:0130
SUSE: openSUSE-SU-2013:0243
SUSE: openSUSE-SU-2013:0245
SUSE: openSUSE-SU-2013:0248
BID: 55131
CONFIRM: http://www.xerox.com/d...
AIXAPAR: SE53614
SECUNIA: 50894
CONFIRM: http://www.oracle.com/...
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2013-09-12-1
CONFIRM: http://www.fujitsu.com...
HP: HPSBUX02866
HP: SSRT101139
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
MLIST: [httpd-cvs] 20190815 s...
MLIST: [httpd-cvs] 20190815 s...
MLIST: [httpd-cvs] 20190815 s...
MLIST: [httpd-cvs] 20190815 s...
MLIST: [httpd-cvs] 20200401 s...
MLIST: [httpd-cvs] 20200401 s...
MLIST: [httpd-cvs] 20200401 s...
MLIST: [httpd-cvs] 20200401 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210603 s...
MLIST: [httpd-cvs] 20210606 s...
MLIST: [httpd-cvs] 20210606 s...
MLIST: [httpd-cvs] 20210606 s...

Launchpad.net

CVE 2012-2687

Related bugs

References