CVE-2012-4558 — Cross-site Scripting in Apache Http Server

CWE-79 — Cross-site Scripting10 documents9 sources

Severity

4.3MEDIUMNVD

EPSS

28.2%

top 3.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedFeb 26

Latest updateMay 13

Description

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server27 versions+26

🔴Vulnerability Details

GHSA

GHSA-gvpv-mmxx-g3g2: Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer↗2022-05-13

▶

CVEList

CVE-2012-4558: Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer↗2013-02-26

▶

OSV

CVE-2012-4558: Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer↗2013-02-26

▶

📋Vendor Advisories

Ubuntu

Apache HTTP Server vulnerabilities↗2013-03-18

▶

Red Hat

httpd: XSS flaw in mod_proxy_balancer manager interface↗2013-02-18

▶

Debian

CVE-2012-4558: apache2 - Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler func...↗2012

▶

Apache

Apache httpd: CVE-2012-4558↗

▶

💬Community

Bugzilla

CVE-2012-4558 CVE-2012-3499 httpd various flaws [fedora-all]↗2013-03-07

▶

Bugzilla

CVE-2012-4558 httpd: XSS flaw in mod_proxy_balancer manager interface↗2013-02-26

▶