The default configuration of the apache2 package in Debian GNU/Linux squeeze prior to 2.2.16-6+squeeze7, wheezy prior to 2.2.22-4, and sid prior to 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian apache2 |