CVE-2012-0216 — Cross-site Scripting in Apache2

4 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 83.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Apache2 Debian Linux

Timeline

PublishedApr 22

Latest updateMay 4

Description

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages1 packages

▶debiandebian/apache2< apache2 2.2.22-4 (bookworm)

Also affects: Debian Linux 6.0, 7.0

🔴Vulnerability Details

GHSA

GHSA-wx9w-fvvf-6955: The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2↗2022-05-04

▶

OSV

CVE-2012-0216: The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2↗2012-04-22

▶

📋Vendor Advisories

Debian

CVE-2012-0216: apache2 - The default configuration of the apache2 package in Debian GNU/Linux squeeze bef...↗2012

▶