CVE-2012-4558

Apache HTTP Server <2.2.24-dev, <2.4.4 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.

References (36)

[Patch] http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?r1=1404653&r2=1413732&diff_format=h

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0815.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-1207.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-1208.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-1209.html

[Vendor Advisory] http://httpd.apache.org/security/vulnerabilities_22.html

[Vendor Advisory] http://httpd.apache.org/security/vulnerabilities_24.html

[Mailing List] http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

[Mailing List] http://marc.info/?l=bugtraq&m=136612293908376&w=2

[Vendor Advisory] http://support.apple.com/kb/HT5880

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

[Mailing List] https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18977

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/58165

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/64758

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html

[Third Party Advisory] http://www.debian.org/security/2013/dsa-2637

[Mailing List] https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

... and 16 more

Scores

EPSS 0.2823

EPSS Percentile 96.4%

Details

CWE

CWE-79

Status published

Products (28)

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

... and 18 more

Published Feb 26, 2013

Tracked Since Feb 18, 2026