Vulnerability Details : CVE-2012-0216
The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2012-0216
- cpe:2.3:a:debian:apache2:*:wheezy:*:*:*:*:*:*
- cpe:2.3:a:debian:apache2:*:squeeze6:*:*:*:*:*:*
- cpe:2.3:a:debian:apache2:*:sid:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0216
- 0.04%: probability of exploitation activity in the next 30 days
- ~6%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0216
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | NIST | |
References for CVE-2012-0216
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75211
  Debian GNU/Linux apache 2 cross-site scripting CVE-2012-0216 Vulnerability Report
- http://www.debian.org/security/2012/dsa-2452
  Debian -- Security Information -- DSA-2452-1 apache2