Apache » Http Server : Security Vulnerabilities, CVEs, Published In August 2012
The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
Max CVSS
4.3
EPSS Score
0.26%
Published
2012-08-22
Updated
2021-06-06
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Max CVSS
2.6
EPSS Score
0.68%
Published
2012-08-22
Updated
2021-06-06
2 vulnerabilities found