CVE-2012-2687
CVE-2012-2687
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://httpd.apache.org/security/vulnerabilities_24.htmlhttp://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlhttp://lists.opensuse.org/opensuse-updates/2013-02/msg00009.htmlhttp://lists.opensuse.org/opensuse-updates/2013-02/msg00011.htmlhttp://lists.opensuse.org/opensuse-updates/2013-02/msg00012.htmlhttp://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3Ehttp://marc.info/?l=bugtraq&m=136612293908376&w=2http://rhn.redhat.com/errata/RHSA-2012-1591.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1592.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1594.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0130.htmlhttp://secunia.com/advisories/50894