Description

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

Remediation

References

CVE-2012-2687

Related Vulnerabilities

Apache Traffic Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-9494)

WordPress Plugin Anthologize Cross-Site Scripting (0.7.7)

WordPress Plugin STT2 Extension Add Terms Unspecified Vulnerability (1.0.2)

Apache HTTP Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-0940)

WordPress Plugin Social Media Flying Icons-Floating Social Media Icon Cross-Site Scripting (2.1)

Severity

Low

Classification

CVE-2012-2687 CWE-707

Tags

Missing Update Known Vulnerabilities