Improper Hostname Verification in Apache HTTP Server's mod_pagespeed Module
CVE-2012-4001

Currently unrated

Key Information:

Vendor: Google
Status: Mod Pagespeed
Vendor: CVE Published:; 15 September 2012

Summary

The mod_pagespeed module for Apache HTTP Server prior to version 0.10.22.6 fails to validate hostnames correctly. This oversight allows remote attackers to exploit the module to send HTTP requests to arbitrary hosts. As a result, attackers can potentially reach internal resources or intranet servers, exposing sensitive information and systems to unauthorized access. It is essential for users of this module to upgrade to the patched version to mitigate this security risk.

References

https://developers.google.com/speed/docs/mod_pagespeed/CV...

x_refsource_CONFIRM

https://developers.google.com/speed/docs/mod_pagespeed/an...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 15, 2012