2.6
CVSSv2

CVE-2012-2687

Published: 22/08/2012 Updated: 06/06/2021
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 233
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x prior to 2.4.3, when the MultiViews option is enabled, allow remote malicious users to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 2.4.0

apache http server 2.2.22

apache http server 2.2.21

apache http server 2.2.12

apache http server 2.2.13

apache http server 2.2.10

apache http server 2.2.1

apache http server 2.2.16

apache http server 2.2.17

apache http server 2.2.0

apache http server 2.2.18

apache http server 2.2.20

apache http server 2.2.14

apache http server 2.2.23

apache http server 2.2.19

apache http server 2.2.2

apache http server 2.2.4

apache http server 2.2.8

apache http server 2.2.3

apache http server 2.4.1

apache http server 2.4.2

apache http server 2.2.15

apache http server 2.2.6

apache http server 2.2.11

apache http server 2.2.9

Vendor Advisories

Synopsis Low: httpd security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic Updated httpd packages that fix multiple security issues, various bugs,and add enhancements are now available for Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as ha ...
Synopsis Low: httpd security, bug fix, and enhancement update Type/Severity Security Advisory: Low Topic Updated httpd packages that fix two security issues, several bugs, and addvarious enhancements are now available for Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as ...
Several security issues were fixed in the Apache HTTP server ...
Synopsis Important: JBoss Enterprise Application Platform 601 update Type/Severity Security Advisory: Important Topic Updated JBoss Enterprise Application Platform 601 packages that fixmultiple security issues, various bugs, and add enhancements are nowavailable for Red Hat Enterprise Linux 5The Red Ha ...
Synopsis Important: JBoss Enterprise Application Platform 601 update Type/Severity Security Advisory: Important Topic Updated JBoss Enterprise Application Platform 601 packages that fixmultiple security issues, various bugs, and add enhancements are nowavailable for Red Hat Enterprise Linux 6The Red Ha ...
Synopsis Important: JBoss Enterprise Application Platform 601 update Type/Severity Security Advisory: Important Topic JBoss Enterprise Application Platform 601, which fixes multiple securityissues, various bugs, and adds enhancements, is now available from the RedHat Customer PortalThe Red Hat Security ...

Github Repositories

Cheetsheet Pentest Reconocimiento Información básica Con herramientas como whatweb podemos hacer un reconocimiento inicial del sitio web para obtener información como la IP, el SO del servidor, en que país está este alojado o alguna vulnerabilidad básica, como XSS └─$ whatweb <URL> 3522724107/d6a05ac5cf/ [20

Network reconnaissance and vulnerability assessment tools.

ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from

Network reconnaissance and vulnerability assessment tools.

ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from

repository ini digunakan untuk belajar

ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from

Network reconnaissance and vulnerability assessment tools.

ReconScan The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from

DC 1: Vulnhub Walkthrough Scanning nmap 192168122184 nmap -sV -A 192168122184 (service version scan) nmap -sV -A --script vuln 192168122184 (Vulnerability scan) root@kali:~# **nmap -sV -A 192168122184** Starting Nmap 780SVN ( nmaporg ) at 2021-05-27 02:58 EDT Stats: 0:00:17 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan NSE Timing: About 973

internetdb Fast IP Lookups for Open Ports and Vulnerabilities Description Shodan shodanio/ scans the internet for hosts and services and maintains a few APIs into that data One API is the InternetDB internetdbshodanio/, which allows for free querying of open ports and vulnerabilities Tools are provided to query this servce What’s Inside The Tin The f

Strike A python tool to quickly analyze all IPs and see which ones have open ports and vulnerabilities Installation apt-get install python3 git clone githubcom/SecureAxom/strike cd strike pip3 install -r requirementstxt python3 strikepy Usages python3 strikepy -h python3 strikepy -t 20891

References

CWE-79http://httpd.apache.org/security/vulnerabilities_24.htmlhttp://www.apache.org/dist/httpd/CHANGES_2.4.3http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30@apache.org%3Ehttp://www.ubuntu.com/usn/USN-1627-1http://rhn.redhat.com/errata/RHSA-2012-1592.htmlhttp://rhn.redhat.com/errata/RHSA-2012-1591.htmlhttp://secunia.com/advisories/51607http://rhn.redhat.com/errata/RHSA-2012-1594.htmlhttp://lists.opensuse.org/opensuse-updates/2013-02/msg00011.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0130.htmlhttp://lists.opensuse.org/opensuse-updates/2013-02/msg00009.htmlhttp://lists.opensuse.org/opensuse-updates/2013-02/msg00012.htmlhttp://www.securityfocus.com/bid/55131http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdfhttp://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4fhttp://secunia.com/advisories/50894http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.htmlhttp://lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlhttp://support.apple.com/kb/HT5880http://marc.info/?l=bugtraq&m=136612293908376&w=2http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19539https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18832https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2013:0130https://nvd.nist.govhttps://usn.ubuntu.com/1627-1/http://tools.cisco.com/security/center/viewAlert.x?alertId=26712