Vulnerabilities > CVE-2012-3499 - Cross-site Scripting vulnerability in Apache Http Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Embedding Scripts in Non-Script Elements This attack is a form of Cross-Site Scripting (XSS) where malicious scripts are embedded in elements that are not expected to host scripts such as image tags (<img>), comments in XML documents (< !-CDATA->), etc. These tags may not be subject to the same input validation, output validation, and other content filtering and checking routines, so this can create an opportunity for an attacker to tunnel through the application's elements and launch a XSS attack through other elements. As with all remote attacks, it is important to differentiate the ability to launch an attack (such as probing an internal network for unpatched servers) and the ability of the remote attacker to collect and interpret the output of said attack.
- Embedding Scripts within Scripts An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
- Cross-Site Scripting in Error Pages An attacker distributes a link (or possibly some other query structure) with a request to a third party web server that is malformed and also contains a block of exploit code in order to have the exploit become live code in the resulting error page. When the third party web server receives the crafted request and notes the error it then creates an error message that echoes the malformed message, including the exploit. Doing this converts the exploit portion of the message into to valid language elements that are executed by the viewing browser. When a victim executes the query provided by the attacker the infected error message error message is returned including the exploit code which then runs in the victim's browser. XSS can result in execution of code as well as data leakage (e.g. session cookies can be sent to the attacker). This type of attack is especially dangerous since the exploit appears to come from the third party web server, who the victim may trust and hence be more vulnerable to deception.
- Cross-Site Scripting Using Alternate Syntax The attacker uses alternate forms of keywords or commands that result in the same action as the primary form but which may not be caught by filters. For example, many keywords are processed in a case insensitive manner. If the site's web filtering algorithm does not convert all tags into a consistent case before the comparison with forbidden keywords it is possible to bypass filters (e.g., incomplete black lists) by using an alternate case structure. For example, the "script" tag using the alternate forms of "Script" or "ScRiPt" may bypass filters where "script" is the only form tested. Other variants using different syntax representations are also possible as well as using pollution meta-characters or entities that are eventually ignored by the rendering engine. The attack can result in the execution of otherwise prohibited functionality.
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS11_APACHE_20131015.NASL description The remote Solaris system is missing necessary patches to address security updates : - Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. (CVE-2012-3499) - mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2013-1862) - mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. (CVE-2013-1896) last seen 2020-06-01 modified 2020-06-02 plugin id 80585 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80585 title Oracle Solaris Third-Party Patch Update : apache (cve_2013_1896_denial_of) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80585); script_version("1.3"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2012-3499", "CVE-2013-1862", "CVE-2013-1896"); script_name(english:"Oracle Solaris Third-Party Patch Update : apache (cve_2013_1896_denial_of)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. (CVE-2012-3499) - mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2013-1862) - mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. (CVE-2013-1896)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); script_set_attribute( attribute:"see_also", value:"https://blogs.oracle.com/sunsecurity/cve-2013-1896-denial-of-service-dos-vulnerability-in-apache-http-server" ); # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-apache-http-server script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?158e3c7f" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.11.4.0."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:apache"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^apache-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.11.0.4.0", sru:"SRU 11.1.11.4.0") > 0) flag++; if (flag) { set_kb_item(name:'www/0/XSS', value:TRUE); error_extra = 'Affected package : apache\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_warning(port:0, extra:error_extra); else security_warning(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "apache");
NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-308.NASL description apache2 was updated to fix : - fix for cross site scripting vulnerability in mod_balancer. This is CVE-2012-4558 [bnc#807152] - fixes for low profile cross site scripting vulnerabilities, known as CVE-2012-3499 [bnc#806458] - Escape filename for the case that uploads are allowed with untrusted user last seen 2020-06-05 modified 2014-06-13 plugin id 74964 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74964 title openSUSE Security Update : apache2 (openSUSE-SU-2013:0629-1) NASL family Scientific Linux Local Security Checks NASL id SL_20130513_HTTPD_ON_SL5_X.NASL description Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-03-18 modified 2013-05-15 plugin id 66441 published 2013-05-15 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66441 title Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20130513) NASL family Misc. NASL id JUNIPER_NSM_JSA10685_CRED.NASL description The remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user last seen 2020-06-01 modified 2020-06-02 plugin id 84878 published 2015-07-20 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84878 title Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) (credentialed check) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1209.NASL description The version of JBoss Enterprise Application Platform installed on the remote system is affected by the following issues : - Flaws in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules can allow an attacker to perform cross-site scripting (XSS) attacks. (CVE-2012-3499) - Flaws in the web interface of the mod_proxy_balancer module can allow a remote attacker to perform XSS attacks. (CVE-2012-4558) - A flaw in mod_rewrite can allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. (CVE-2013-1862) - A flaw in the method by which the mod_dav module handles merge requests can allow an attacker to create a denial of service by sending a crafted merge request that contains URIs that are not configured for DAV. (CVE-2013-1896) - A flaw in PicketBox can allow local users to obtain the admin encryption key by reading the Vault data file. (CVE-2013-1921) - A flaw in Apache Santuario XML Security can allow context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak algorithm. (CVE-2013-2172) - A flaw in JGroup last seen 2020-06-01 modified 2020-06-02 plugin id 72238 published 2014-01-31 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72238 title JBoss Enterprise Application Platform 6.1.1 Update (RHSA-2013:1209) NASL family Misc. NASL id JUNIPER_NSM_JSA10685.NASL description The remote host is running a version of NSM (Network and Security Manager) Server that is prior to 2012.2R9. It is, therefore, affected by multiple vulnerabilities in the bundled version of Apache HTTP Server : - A flaw exists due to improper escaping of filenames in 406 and 300 HTTP responses. A remote attacker can exploit this, by uploading a file with a specially crafted name, to inject arbitrary HTTP headers or conduct cross-site scripting attacks. (CVE-2008-0456) - Multiple cross-site scripting vulnerabilities exist in the mod_negotiation module due to improper sanitization of input passed via filenames. An attacker can exploit this to execute arbitrary script code in a user last seen 2020-06-01 modified 2020-06-02 plugin id 84877 published 2015-07-20 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/84877 title Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2013-004.NASL description The remote host is running a version of Mac OS X 10.6 or 10.7 that does not have Security Update 2013-004 applied. This update contains several security-related fixes for the following component : - Apache - Bind - Certificate Trust Policy - ClamAV - Installer - IPSec - Mobile Device Management - OpenSSL - PHP - PostgreSQL - QuickTime - sudo Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 69878 published 2013-09-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69878 title Mac OS X Multiple Vulnerabilities (Security Update 2013-004) NASL family Web Servers NASL id APACHE_2_2_24.NASL description According to its banner, the version of Apache 2.2.x running on the remote host is prior to 2.2.24. It is, therefore, potentially affected by the following cross-site scripting vulnerabilities : - Errors exist related to the modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp and unescaped hostnames and URIs that could allow cross- site scripting attacks. (CVE-2012-3499) - An error exists related to the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 64912 published 2013-02-27 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64912 title Apache 2.2.x < 2.2.24 Multiple XSS Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_10_8_5.NASL description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.5. The newer version contains multiple security-related fixes for the following components : - Apache - Bind - Certificate Trust Policy - CoreGraphics - ImageIO - Installer - IPSec - Kernel - Mobile Device Management - OpenSSL - PHP - PostgreSQL - Power Management - QuickTime - Screen Lock - sudo This update also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit. Note that successful exploitation of the most serious issues could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 69877 published 2013-09-13 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69877 title Mac OS X 10.8.x < 10.8.5 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_APACHE2-130327.NASL description Apache2 has been updated to fix multiple XSS flaws. - Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server potentially allowed remote attackers to inject arbitrary web script or HTML via a crafted string. (CVE-2012-4558) - Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server allowed remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. (CVE-2012-3499) last seen 2020-06-05 modified 2013-04-10 plugin id 65907 published 2013-04-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65907 title SuSE 11.2 Security Update : Apache (SAT Patch Number 7570) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-193.NASL description Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 69751 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69751 title Amazon Linux AMI : httpd (ALAS-2013-193) NASL family Solaris Local Security Checks NASL id SOLARIS11_APACHE_20130604.NASL description The remote Solaris system is missing necessary patches to address security updates : - Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. (CVE-2012-3499) - Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. (CVE-2012-4558) last seen 2020-06-01 modified 2020-06-02 plugin id 80584 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80584 title Oracle Solaris Third-Party Patch Update : apache (multiple_cross_site_scripting_vulnerabilities) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2013-062-01.NASL description New httpd packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 64970 published 2013-03-04 reporter This script is Copyright (C) 2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64970 title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : httpd (SSA:2013-062-01) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-015.NASL description Multiple vulnerabilities has been found and corrected in apache (ASF HTTPD) : Various XSS (cross-site scripting vulnerability) flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp (CVE-2012-3499). XSS (cross-site scripting vulnerability) in mod_proxy_balancer manager interface (CVE-2012-4558). Additionally the ASF bug 53219 was resolved which provides a way to mitigate the CRIME attack vulnerability by disabling TLS-level compression. Use the new directive SSLCompression on|off to enable or disable TLS-level compression, by default SSLCompression is turned on. The updated packages have been upgraded to the latest 2.2.24 version which is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 64902 published 2013-02-27 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64902 title Mandriva Linux Security Advisory : apache (MDVSA-2013:015-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1011.NASL description Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ The following security issues are also fixed with this release : Cross-site scripting (XSS) flaws were found in the Apache HTTP Server mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 76237 published 2014-06-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76237 title RHEL 5 : JBoss Web Server (RHSA-2013:1011) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_9C88D8A8837211E2A01020CF30E32F6D.NASL description Apache HTTP SERVER PROJECT reports:low: XSS due to unescaped hostnames CVE-2012-3499 Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. moderate: XSS in mod_proxy_balancer CVE-2012-4558 A XSS flaw affected the mod_proxy_balancer manager interface. last seen 2020-06-01 modified 2020-06-02 plugin id 64989 published 2013-03-04 reporter This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64989 title FreeBSD : apache22 -- several vulnerabilities (9c88d8a8-8372-11e2-a010-20cf30e32f6d) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1207.NASL description Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements. Refer to the 6.1.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ Security fixes : Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim last seen 2020-06-01 modified 2020-06-02 plugin id 69882 published 2013-09-13 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69882 title RHEL 5 : JBoss EAP (RHSA-2013:1207) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0815.NASL description From Red Hat Security Advisory 2013:0815 : Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 68819 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68819 title Oracle Linux 5 / 6 : httpd (ELSA-2013-0815) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2637.NASL description Several vulnerabilities have been found in the Apache HTTPD server. - CVE-2012-3499 The modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp did not properly escape hostnames and URIs in HTML output, causing cross site scripting vulnerabilities. - CVE-2012-4558 Mod_proxy_balancer did not properly escape hostnames and URIs in its balancer-manager interface, causing a cross site scripting vulnerability. - CVE-2013-1048 Hayawardh Vijayakumar noticed that the apache2ctl script created the lock directory in an unsafe manner, allowing a local attacker to gain elevated privileges via a symlink attack. This is a Debian specific issue. last seen 2020-03-17 modified 2013-03-05 plugin id 64995 published 2013-03-05 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64995 title Debian DSA-2637-1 : apache2 - several issues NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1765-1.NASL description Niels Heinen discovered that multiple modules incorrectly sanitized certain strings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2012-3499, CVE-2012-4558) It was discovered that the mod_proxy_ajp module incorrectly handled error states. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.10. (CVE-2012-4557) It was discovered that the apache2ctl script shipped in Ubuntu packages incorrectly created the lock directory. A local attacker could possibly use this issue to gain privileges. The symlink protections in Ubuntu 11.10 and later should reduce this vulnerability to a denial of service. (CVE-2013-1048). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 65607 published 2013-03-19 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65607 title Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : apache2 vulnerabilities (USN-1765-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1012.NASL description Red Hat JBoss Web Server 2.0.1, which fixes multiple security issues and several bugs, is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.0, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.0.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ The following security issues are also fixed with this release : Cross-site scripting (XSS) flaws were found in the Apache HTTP Server mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 76238 published 2014-06-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76238 title RHEL 6 : JBoss Web Server (RHSA-2013:1012) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-175.NASL description Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. last seen 2020-06-01 modified 2020-06-02 plugin id 69734 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69734 title Amazon Linux AMI : httpd24 (ALAS-2013-175) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1208.NASL description Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.1.0, and includes bug fixes and enhancements. Refer to the 6.1.1 Release Notes for information on the most significant of these changes, available shortly from https://access.redhat.com/site/documentation/ Security fixes : Cross-site scripting (XSS) flaws were found in the mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could possibly use these flaws to perform XSS attacks if they were able to make the victim last seen 2020-06-01 modified 2020-06-02 plugin id 69883 published 2013-09-13 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69883 title RHEL 6 : JBoss EAP (RHSA-2013:1208) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0815.NASL description Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 66397 published 2013-05-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66397 title CentOS 5 / 6 : httpd (CESA-2013:0815) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-194.NASL description Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 69752 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69752 title Amazon Linux AMI : httpd24 (ALAS-2013-194) NASL family SuSE Local Security Checks NASL id SUSE_APACHE2-8530.NASL description Apache2 has been updated to fix multiple XSS flaws. - Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server potentially allowed remote attackers to inject arbitrary web script or HTML via a crafted string. (CVE-2012-4558) - Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server allowed remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. (CVE-2012-3499) last seen 2020-06-05 modified 2013-04-10 plugin id 65908 published 2013-04-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65908 title SuSE 10 Security Update : Apache (ZYPP Patch Number 8530) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-174.NASL description Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. last seen 2020-06-01 modified 2020-06-02 plugin id 69733 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69733 title Amazon Linux AMI : httpd (ALAS-2013-174) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0815.NASL description Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 66403 published 2013-05-14 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66403 title RHEL 5 / 6 : httpd (RHSA-2013:0815) NASL family Web Servers NASL id APACHE_2_4_4.NASL description According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.4. It is, therefore, affected by the following cross-site scripting vulnerabilities : - Errors exist related to the modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp and unescaped hostnames and URIs that could allow cross- site scripting attacks. (CVE-2012-3499) - An error exists related to the mod_proxy_balancer module last seen 2020-06-01 modified 2020-06-02 plugin id 64893 published 2013-02-26 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64893 title Apache 2.4.x < 2.4.4 Multiple XSS Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2013-4541.NASL description This update contains the latest release of the Apache HTTP Server, version 2.4.4. Two security issues are resolved in this update : - Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. (CVE-2012-3499) - An Cross-Site-Scripting attack against the mod_proxy_balancer manager interface. (CVE-2012-4558) Numerous bug fixes and minor enhancements are also included; for more information see : http://www.apache.org/dist/httpd/CHANGES_2.4.4 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-04-01 plugin id 65760 published 2013-04-01 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65760 title Fedora 18 : httpd-2.4.4-2.fc18 (2013-4541)
Oval
accepted | 2015-04-20T04:01:07.901-04:00 | ||||||||||||||||
class | vulnerability | ||||||||||||||||
contributors |
| ||||||||||||||||
description | Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. | ||||||||||||||||
family | unix | ||||||||||||||||
id | oval:org.mitre.oval:def:19312 | ||||||||||||||||
status | accepted | ||||||||||||||||
submitted | 2013-11-22T11:43:28.000-05:00 | ||||||||||||||||
title | HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities | ||||||||||||||||
version | 49 |
Redhat
advisories |
| ||||||||||||||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 58165 CVE(CAN) ID: CVE-2012-3499 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server 2.4.4及之前版本在实现上存在多个XSS漏洞,通过模块(1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, (5) mod_status内的主机名和URI,远程攻击者可利用此漏洞注入任意js脚本和HTML。 0 Apache Group HTTP Server 2.4.x Apache Group HTTP Server 2.2.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://httpd.apache.org/ |
id | SSV:60653 |
last seen | 2017-11-19 |
modified | 2013-02-28 |
published | 2013-02-28 |
reporter | Root |
title | Apache HTTP Server多个模块主机名和URI跨站脚本漏洞 |
References
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap_cache_mgr.c?r1=1209766&r2=1418752&diff_format=h
- http://httpd.apache.org/security/vulnerabilities_22.html
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1389564&r2=1413732&diff_format=h
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_imagemap.c?r1=1398480&r2=1413732&diff_format=h
- http://httpd.apache.org/security/vulnerabilities_24.html
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=1404625&r2=1413732&diff_format=h
- http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_info.c?r1=1225799&r2=1413732&diff_format=h
- http://www.debian.org/security/2013/dsa-2637
- http://rhn.redhat.com/errata/RHSA-2013-0815.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
- http://support.apple.com/kb/HT5880
- http://rhn.redhat.com/errata/RHSA-2013-1208.html
- http://rhn.redhat.com/errata/RHSA-2013-1209.html
- http://rhn.redhat.com/errata/RHSA-2013-1207.html
- http://secunia.com/advisories/55032
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html
- http://www.securityfocus.com/bid/64758
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
- http://marc.info/?l=bugtraq&m=136612293908376&w=2
- http://www.securityfocus.com/bid/58165
- http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19312
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E