Apache » Http Server » 2.2.20 : Security Vulnerabilities, CVEs, Published In 2012 (XSS)
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
Max CVSS
2.6
EPSS Score
0.68%
Published
2012-08-22
Updated
2021-06-06
1 vulnerabilities found