Описание
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | httpd | Will not fix | ||
| Red Hat Enterprise Linux 5 | httpd | Fixed | RHSA-2013:0130 | 08.01.2013 |
| Red Hat Enterprise Linux 6 | httpd | Fixed | RHSA-2013:0512 | 20.02.2013 |
| Red Hat JBoss Enterprise Application Platform 6.0 | Fixed | RHSA-2012:1594 | 18.12.2012 | |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | antlr-eap6 | Fixed | RHSA-2012:1591 | 18.12.2012 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-beanutils | Fixed | RHSA-2012:1591 | 18.12.2012 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-cli | Fixed | RHSA-2012:1591 | 18.12.2012 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-codec-eap6 | Fixed | RHSA-2012:1591 | 18.12.2012 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-collections | Fixed | RHSA-2012:1591 | 18.12.2012 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-collections-eap6 | Fixed | RHSA-2012:1591 | 18.12.2012 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.6 Low
CVSS2
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Multiple cross-site scripting (XSS) vulnerabilities in the make_varian ...
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
ELSA-2013-0512: httpd security, bug fix, and enhancement update (LOW)
EPSS
2.6 Low
CVSS2