CVE-2012-3499

Source
https://nvd.nist.gov/vuln/detail/CVE-2012-3499
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2012-3499.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2012-3499
Related
Published
2013-02-26T16:55:01Z
Modified
2024-06-30T12:00:03Z
Summary
[none]
Details

Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) modimagemap, (2) modinfo, (3) modldap, (4) modproxyftp, and (5) modstatus modules.

References

Affected packages

Debian:11 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.22-13

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.22-13

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.22-13

Ecosystem specific

{
    "urgency": "low"
}