CVE-2012-2687

by Fred · 22/08/2012

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

Date published : 2012-08-22

http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

CVE-2012-2687

Similar

Recent Posts

Categories

CVE-2012-2687

Share this:

Similar

Recent Posts

Categories

Tags