PT-2012-2407 · Apache · Apache Http Server

Niels Heinen · Published 2012-04-22 · Updated 2025-08-27 · CVE-2012-0216

CVSS v2.0: 4.4 Medium

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

apache2 versions prior to 2.2.16-6+squeeze7
apache2 versions prior to 2.2.22-4

Description

The default configuration of the apache2 package, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI. This might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.

Recommendations

For versions prior to 2.2.16-6+squeeze7, update to version 2.2.16-6+squeeze7 or later.
For versions prior to 2.2.22-4, update to version 2.2.22-4 or later.

Fix

Related Identifiers

CVE-2012-0216
DSA-2452-1

Affected Products

Apache Http Server