Summary: | <www-servers/apache-2.2.23 : Cross-Site Scripting Vulnerabilities (CVE-2012-2687) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | apache-bugs, f3d, mail, patrick, pva |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A4 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-08-22 11:00:30 UTC
CVE-2012-2687 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2687): Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

2.2.23 is out!

=app-admin/apache-tools-2.2.23 =www-servers/apache-2.2.23 in tree and ready for stabilization

Arches, please test and mark stable:
=www-servers/apache-2.2.23
=app-admin/apache-tools-2.2.23
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

amd64 stable

2.4.3 configure fails with itk or peruser MPM. Ebuild misses required patches.

Oops... Wrong bug. Sorry!

stable ppc ppc64

Stable for HPPA.

stable arm

x86 done.

alpha/ia64/s390/sh/sparc stable

all done. Please vote.

Thanks, everyone. Closing noglsa for XSS.