Apache HTTP Server Vulnerability in Debian GNU/Linux
CVE-2012-0216

Currently unrated

Key Information:

Vendor: Debian
Status: Apache2
Vendor: CVE Published:; 22 April 2012

Summary

The Apache HTTP Server shipped with Debian GNU/Linux versions prior to 2.2.16-6+squeeze7, 2.2.22-4 for wheezy, and 2.2.22-4 for sid is affected by a vulnerabilities due to its default configuration, which includes example scripts available at the doc URI. This can be exploited by local users to execute cross-site scripting (XSS) attacks. Attackers can gain unauthorized privileges or access sensitive information through malicious localhost HTTP requests.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/75211

vdb-entryx_refsource_XF

http://www.debian.org/security/2012/dsa-2452

vendor-advisoryx_refsource_DEBIAN

Timeline

Vulnerability published
Apr 22, 2012
Vulnerability Reserved
Dec 14, 2011