CVE-2012-3499 — Cross-site Scripting in Apache Http Server

CWE-79 — Cross-site Scripting9 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

10.3%

top 6.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedFeb 26

Latest updateMay 13

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server27 versions+26

🔴Vulnerability Details

GHSA

GHSA-88g5-5jg8-6vw5: Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2↗2022-05-13

▶

OSV

CVE-2012-3499: Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2↗2013-02-26

▶

CVEList

CVE-2012-3499: Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2↗2013-02-26

▶

📋Vendor Advisories

Ubuntu

Apache HTTP Server vulnerabilities↗2013-03-18

▶

Red Hat

httpd: multiple XSS flaws due to unescaped hostnames↗2013-02-18

▶

Debian

CVE-2012-3499: apache2 - Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2....↗2012

▶

💬Community

Bugzilla

CVE-2012-4558 CVE-2012-3499 httpd various flaws [fedora-all]↗2013-03-07

▶

Bugzilla

CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames↗2013-02-26

▶