Lucene search
GoogleOSV:DSA-2637-1HistoryMar 04, 2013 - 12:00 a.m.
apache2 - several
2013-03-0400:00:00
Google
osv.dev
14
0.218 Low
EPSS
Percentile
96.5%
Several vulnerabilities have been found in the Apache HTTPD server.
- CVE-2012-3499
The modules mod_info, mod_status, mod_imagemap, mod_ldap, and
mod_proxy_ftp did not properly escape hostnames and URIs in
HTML output, causing cross site scripting vulnerabilities. - CVE-2012-4558
Mod_proxy_balancer did not properly escape hostnames and URIs
in its balancer-manager interface, causing a cross site scripting
vulnerability. - CVE-2013-1048
Hayawardh Vijayakumar noticed that the apache2ctl script created
the lock directory in an unsafe manner, allowing a local attacker
to gain elevated privileges via a symlink attack. This is a Debian
specific issue.
For the stable distribution (squeeze), these problems have been fixed in
version 2.2.16-6+squeeze11.
For the testing distribution (wheezy), these problems will be fixed in
version 2.2.22-13.
For the unstable distribution (sid), these problems will be fixed in
version 2.2.22-13.
We recommend that you upgrade your apache2 packages.
References
Related
openvas
openvas
Debian Security Advisory DSA 2637-1 (apache2 - several issues)
2013-03-04 00:00:00
Debian: Security Advisory (DSA-2637-1)
2013-03-03 00:00:00
Ubuntu Update for apache2 USN-1765-1
2013-03-19 00:00:00
debian
debian
[SECURITY] [DSA 2637-1] apache2 security update
2013-03-04 21:34:32
[SECURITY] [DSA 2637-1] apache2 security update
2013-03-04 21:34:32
nessus
nessus
Debian DSA-2637-1 : apache2 - several issues
2013-03-05 00:00:00
ubuntu
ubuntu
Apache HTTP Server vulnerabilities
2013-03-18 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:015 ] apache
2013-03-02 00:00:00
Apache security vulnerabilities
2013-03-02 00:00:00
amazon
amazon
slackware
slackware
httpd
2013-03-03 15:02:33
freebsd
freebsd
apache22 -- several vulnerabilities
2012-10-07 00:00:00
f5
f5
SOL15865 - Apache HTTP server vulnerability CVE-2012-4558
2014-11-25 00:00:00
SOL15900 - Apache HTTP server vulnerability CVE-2012-3499
2014-12-10 00:00:00
K15900 : Apache HTTP server vulnerability CVE-2012-3499
2014-12-11 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: httpd-2.4.4-2.fc18
2013-04-01 03:30:25
ubuntucve
ubuntucve
centos
centos
httpd, mod_ssl security update
2013-05-13 22:32:03
oraclelinux
oraclelinux
httpd security update
2013-05-13 00:00:00
redhat
redhat
(RHSA-2013:0815) Moderate: httpd security update
2013-05-13 00:00:00
(RHSA-2013:1012) Moderate: Red Hat JBoss Web Server 2.0.1 update
2013-07-03 15:40:17
(RHSA-2013:1011) Moderate: Red Hat JBoss Web Server 2.0.1 update
2013-07-03 00:00:00
veracode
veracode
Arbitrary Code Injection
2019-05-02 04:44:51
Cross-site Scripting (XSS)
2019-01-15 08:52:43
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
httpd
httpd
Apache Httpd < 2.4.4 : XSS due to unescaped hostnames
2012-07-11 00:00:00
Apache Httpd < 2.2.24 : XSS due to unescaped hostnames
2012-07-11 00:00:00
Apache Httpd < 2.2.24 : XSS in mod_proxy_balancer
2012-10-07 00:00:00
cvelist
cvelist
nvd
nvd
seebug
seebug
Apache HTTP Server多个模块主机名和URI跨站脚本漏洞
2013-02-28 00:00:00
Apache HTTP Server balancer_handler函数跨站脚本漏洞(CVE-2012-4558)
2013-02-28 00:00:00
prion
prion
Cross site scripting
2013-02-26 16:55:00
Cross site scripting
2013-02-26 16:55:00
Code injection
2013-03-06 13:10:00
cve
cve
checkpoint_advisories
checkpoint_advisories
Apache HTTPD mod_proxy_balancer Cross Site Scripting (CVE-2012-4558)
2013-03-24 00:00:00
debiancve
debiancve
hackerone
hackerone
Pornhub: SSRF & XSS (W3 Total Cache)
2016-05-14 01:22:59
Marktplaats: Multiple Apache 2.2.22 Vulnerabilities (XSS/ Code Exec/ DoS)
2015-06-09 17:47:58
U.S. Dept Of Defense: Out-of-date Version (Apache)
2016-11-24 15:09:27
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00