CVE-2012-3499

Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.

Details Source

Mitre

Public Date

2013-02-18 00:00:00

Impact

Moderate

Bugzilla

CVE-2012-3499 httpd: multiple XSS flaws due to unescaped hostnames

Bugzilla ID

915883

CVSS Status

verified

Base Score

4.30

Base Metrics

AV:N/AC:M/Au:N/C:N/I:P/A:N

IAVA

2015-A-0149

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat JBoss Web Server 2.0 | RHSA-2013:1013 | 2013-07-03 |
| Red Hat Enterprise Linux 5 (httpd) | RHSA-2013:0815 | 2013-05-13 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (httpd) | RHSA-2013:1208 | 2013-09-04 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server (httpd) | RHSA-2013:1012 | 2013-07-03 |
| Red Hat Enterprise Linux 6 (httpd) | RHSA-2013:0815 | 2013-05-13 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server (httpd) | RHSA-2013:1207 | 2013-09-04 |
| Red Hat JBoss Enterprise Application Platform 6.1 | RHSA-2013:1209 | 2013-09-04 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server (httpd) | RHSA-2013:1011 | 2013-07-03 |

CWE

CWE-79

Affected Packages State

| Platform | Package | State |
| --- | --- | --- |
| Red Hat JBoss EWS 1 | httpd | Will not fix |