PT-2013-1689 · Apache+4 · Apache HTTP Server+4

Niels Heinen · Published 2013-02-18 · Updated 2021-06-06 · CVE-2012-4558

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.2.x before 2.2.24-dev
Apache HTTP Server versions 2.4.x before 2.4.4

Description

The issue is a set of multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface of the mod_proxy_balancer module. It allows remote attackers to inject arbitrary web script or HTML via a crafted string. The vulnerability was reported by Niels Heinen of Google.

Recommendations

For Apache HTTP Server versions 2.2.x before 2.2.24-dev, update to version 2.2.24-dev or later.
For Apache HTTP Server versions 2.4.x before 2.4.4, update to version 2.4.4 or later.
As a temporary workaround, consider disabling the balancer_handler function in the manager interface until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CESA-2013_0815
CVE-2012-4558
DSA-2637-1
HPSBUX02866
RHSA-2013:0815
RHSA-2013:1011
RHSA-2013:1012
RHSA-2013:1207
RHSA-2013:1208
RHSA-2013_0815

Affected Products

Apache HTTP Server
CentOS
HP-UX
Red Hat
SUSE