CVE-2012-0883
published 2012-04-18CVE-2012-0883: envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain…
medium6.9CVSS 3.1
AVLACMAuNCCICAC
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | — | — |
| apache | http_server | >= 2.2.0 < 2.2.23 | 2.2.23 |
| apache | httpd | — | — |
| debian | apache2 | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |