Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.4
CVE Id CVE-2012-0216
Last Modified 13 Aug 2012 11:33:33
Published 22 Apr 2012 02:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0216

Summary

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.

Vulnerable Systems

Application

  • Debian Apache2 2.2.16-6

  • Debian Apache2 2.2.22-1

  • Debian Apache2 2.22-3


References

DEBIAN - DSA-2452

XF - gnulinux-apache2-xss(75211)


Last Updated: 27 May 2016 10:39:18