Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2012-2687

Опубликовано: 22 авг. 2012
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 2.6

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

РелизСтатусПримечание
devel

released

2.2.22-6ubuntu3
hardy

released

2.2.8-1ubuntu0.24
lucid

released

2.2.14-5ubuntu8.10
natty

ignored

end of life
oneiric

released

2.2.20-1ubuntu1.3
precise

released

2.2.22-1ubuntu1.2
quantal

released

2.2.22-6ubuntu2.1
upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 89%
0.04665
Низкий

2.6 Low

CVSS2

Связанные уязвимости

redhat логотип

CVE-2012-2687

redhat
больше 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

nvd логотип

CVE-2012-2687

nvd
около 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

debian логотип

CVE-2012-2687

debian
около 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the make_varian ...

github логотип

GHSA-8v5x-5rvv-5j4v

github
больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

oracle-oval логотип

ELSA-2013-0512

oracle-oval
больше 12 лет назад

ELSA-2013-0512: httpd security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 89%
0.04665
Низкий

2.6 Low

CVSS2