First published: Wed Aug 22 2012
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Http Server | =2.2.0 | |
Apache Http Server | =2.2.1 | |
Apache Http Server | =2.2.2 | |
Apache Http Server | =2.2.3 | |
Apache Http Server | =2.2.4 | |
Apache Http Server | =2.2.6 | |
Apache Http Server | =2.2.8 | |
Apache Http Server | =2.2.9 | |
Apache Http Server | =2.2.10 | |
Apache Http Server | =2.2.11 | |
Apache Http Server | =2.2.12 | |
Apache Http Server | =2.2.13 | |
Apache Http Server | =2.2.14 | |
Apache Http Server | =2.2.15 | |
Apache Http Server | =2.2.16 | |
Apache Http Server | =2.2.17 | |
Apache Http Server | =2.2.18 | |
Apache Http Server | =2.2.19 | |
Apache Http Server | =2.2.20 | |
Apache Http Server | =2.2.21 | |
Apache Http Server | =2.2.22 | |
Apache Http Server | =2.2.23 | |
Apache Http Server | =2.4.0 | |
Apache Http Server | =2.4.1 | |
Apache Http Server | =2.4.2 | |
CVE-2012-2687 affects Apache HTTP Server versions 2.4.x before 2.4.3 and multiple versions in the 2.2.x series.
CVE-2012-2687 is a vulnerability that allows remote attackers to inject arbitrary web scripts or HTML due to multiple cross-site scripting (XSS) vulnerabilities in the mod_negotiation module.
CVE-2012-2687 is considered a significant security risk due to its potential for cross-site scripting attacks.
To resolve CVE-2012-2687, you should upgrade your Apache HTTP Server to version 2.4.3 or later, or to a secure 2.2.x version.
CVE-2012-2687 targets the make_variant_list function in the mod_negotiation module when the MultiViews option is enabled.
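The bug class described above (a file name copied unencoded into an HTML variant list) is shown here beside its hardened form. This is an added example, not Apache's code: `build_variant_list`, `append`, `append_escaped` and the sample names are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bounded append: returns -1 instead of writing past cap. */
static int append(char *dst, size_t cap, const char *s)
{
    size_t n = strlen(dst), r = strlen(s);
    if (n + r + 1 > cap) return -1;
    memcpy(dst + n, s, r + 1);
    return 0;
}

/* Append s with the HTML metacharacters replaced by entities. */
static int append_escaped(char *dst, size_t cap, const char *s)
{
    for (; *s; s++) {
        char one[2] = { *s, '\0' };
        const char *rep = one;
        if (*s == '<') rep = "&lt;";
        else if (*s == '>') rep = "&gt;";
        else if (*s == '&') rep = "&amp;";
        else if (*s == '"') rep = "&quot;";
        else if (*s == '\'') rep = "&#39;";
        if (append(dst, cap, rep) != 0) return -1;
    }
    return 0;
}

/* Hypothetical list builder: escape == 0 copies names verbatim (the flawed
 * pattern), escape != 0 encodes them first (the hardened pattern). */
int build_variant_list(char *out, size_t cap, const char *const *names,
                       size_t count, int escape)
{
    if (cap == 0) return -1;
    out[0] = '\0';
    if (append(out, cap, "<ul>\n") != 0) return -1;
    for (size_t i = 0; i < count; i++) {
        if (append(out, cap, "<li>") != 0) return -1;
        int rc = escape ? append_escaped(out, cap, names[i])
                        : append(out, cap, names[i]);
        if (rc != 0 || append(out, cap, "</li>\n") != 0) return -1;
    }
    return append(out, cap, "</ul>\n");
}

/* Constructed sample names; the second one contains markup. */
static const char *const SAMPLE_NAMES[] = { "index.html.en", "index.<img src=x>.html" };

int main(void)
{
    char page[256];
    if (build_variant_list(page, sizeof page, SAMPLE_NAMES, 2, 1) == 0) fputs(page, stdout);
    return 0;
}
```

With `escape` set to 0 the second name reaches the page as a live tag; with it set to 1 the same name is rendered as inert text.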