CVE-2012-2687
Published: 22 August 2012
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Priority
Status
Package | Release | Status |
---|---|---|
apache2 (Launchpad, Ubuntu, Debian) | hardy | Released (2.2.8-1ubuntu0.24) |
apache2 | lucid | Released (2.2.14-5ubuntu8.10) |
apache2 | natty | Ignored (end of life) |
apache2 | oneiric | Released (2.2.20-1ubuntu1.3) |
apache2 | precise | Released (2.2.22-1ubuntu1.2) |
apache2 | quantal | Released (2.2.22-6ubuntu2.1) |
apache2 | upstream | Needs triage |

Patches: other: http://svn.apache.org/viewvc?view=revision&revision=1349905