Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities

BID:58165

Info

Bugtraq ID: 58165
Class: Input Validation Error
CVE: CVE-2012-3499, CVE-2012-4558
Remote: Yes
Local: No
Published: Feb 26 2013 12:00AM
Updated: Jul 15 2015 12:34AM
Credit: Jim Jagielski, Stefan Fritsch and Niels Heinen
Vulnerable: Slackware Linux x86_64 -current
Slackware Linux 13.37 x86_64
Slackware Linux 13.37
Slackware Linux 13.1 x86_64
Slackware Linux 13.1
Slackware Linux 13.0 x86_64
Slackware Linux 13.0
Slackware Linux 12.2
Slackware Linux 12.1
Slackware Linux -current
RedHat Enterprise Linux Desktop Workstation 5 client
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux 5 Server
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Mandriva Linux Mandrake 2011 x86_64
Mandriva Linux Mandrake 2011
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
IBM OS/400 V6R1M0 0
HP HP-UX B.11.31
HP HP-UX B.11.23
Hitachi uCosminexus Service Platform - Messaging 0
Hitachi uCosminexus Service Platform 8
Hitachi uCosminexus Service Platform 7
Hitachi uCosminexus Service Platform 7
Hitachi uCosminexus Service Platform 6.7
Hitachi uCosminexus Service Platform 08-53 (Windows)
Hitachi uCosminexus Service Platform 08-53 (Linux)
Hitachi uCosminexus Service Platform 08-50 (Linux(IPF))
Hitachi uCosminexus Service Platform 08-50 (HP-UX(IPF))
Hitachi uCosminexus Service Platform 08-50 (AIX)
Hitachi uCosminexus Service Platform 08-00-02 (Windows)
Hitachi uCosminexus Service Platform 08-00-02 (AIX)
Hitachi uCosminexus Service Platform 08-00-01 (Solaris)
Hitachi uCosminexus Service Platform 08-00-01 (Linux)
Hitachi uCosminexus Service Platform 08-00-01 (Linux(x64)
Hitachi uCosminexus Service Platform 08-00-01 (Linux(IPF)
Hitachi uCosminexus Service Platform 08-00-01 (HP-UX(IPF)
Hitachi uCosminexus Service Platform 08-00-01 (AIX)
Hitachi uCosminexus Service Platform 08-00 (Windows)
Hitachi uCosminexus Service Platform 08-00 (Linux)
Hitachi uCosminexus Service Platform 08-00 (Linux(IPF))
Hitachi uCosminexus Service Platform 08-00 (HP-UX(IPF))
Hitachi uCosminexus Service Platform 08-00 (AIX)
Hitachi uCosminexus Service Platform 07-60 (Windows)
Hitachi uCosminexus Service Platform 07-60 (Linux)
Hitachi uCosminexus Service Platform 07-60 (AIX)
Hitachi uCosminexus Service Platform 07-50-10 (Windows)
Hitachi uCosminexus Service Platform 07-50-09 (Windows)
Hitachi uCosminexus Service Platform 07-50-02 (Windows)
Hitachi uCosminexus Service Platform 07-50-01 (Windows)
Hitachi uCosminexus Service Platform 07-50 (Windows)
Hitachi uCosminexus Service Platform 07-50 (Linux)
Hitachi uCosminexus Service Platform 07-50 (AIX)
Hitachi uCosminexus Service Platform 07-20-02 (Windows)
Hitachi uCosminexus Service Platform 07-20-01 (Windows)
Hitachi uCosminexus Service Platform 07-20 (Windows)
Hitachi uCosminexus Service Platform 07-10-06 (Linux)
Hitachi uCosminexus Service Platform 07-10-06 (AIX)
Hitachi uCosminexus Service Platform 07-10-01 (Windows)
Hitachi uCosminexus Service Platform 07-10-01 (Linux(IPF)
Hitachi uCosminexus Service Platform 07-10 (Windows)
Hitachi uCosminexus Service Platform 07-10 (Linux)
Hitachi uCosminexus Service Platform 07-10 (Linux(IPF))
Hitachi uCosminexus Service Platform 07-10 (AIX)
Hitachi uCosminexus Service Platform 07-03-03 (Linux(IPF)
Hitachi uCosminexus Service Platform 07-03-02 (Solaris)
Hitachi uCosminexus Service Platform 07-03-02 (HP-UX(IPF)
Hitachi uCosminexus Service Platform 07-00-12 (Linux)
Hitachi uCosminexus Service Platform 07-00-10 (Windows)
Hitachi uCosminexus Service Platform 07-00-10 (AIX)
Hitachi uCosminexus Service Platform 07-00-09 (Linux)
Hitachi uCosminexus Service Platform 07-00-09 (AIX)
Hitachi uCosminexus Service Platform 07-00-06 (Solaris)
Hitachi uCosminexus Service Platform 07-00-06 (Linux(IPF)
Hitachi uCosminexus Service Platform 07-00-06 (HP-UX)
Hitachi uCosminexus Service Platform 07-00-06 (HP-UX(IPF)
Hitachi uCosminexus Service Platform 07-00-05 (Linux(x64)
Hitachi uCosminexus Service Platform 07-00-03 (Windows)
Hitachi uCosminexus Service Platform 07-00-03 (Linux)
Hitachi uCosminexus Service Platform 07-00-03 (AIX)
Hitachi uCosminexus Service Platform 07-00 (Windows)
Hitachi uCosminexus Service Platform 07-00 (Linux)
Hitachi uCosminexus Service Platform 0
Hitachi uCosminexus Service Architect 8
Hitachi uCosminexus Service Architect 7
Hitachi uCosminexus Service Architect 6.7
Hitachi uCosminexus Service Architect 08-53 (Windows)
Hitachi uCosminexus Service Architect 08-00-02 (Windows)
Hitachi uCosminexus Service Architect 08-00-02 (AIX)
Hitachi uCosminexus Service Architect 08-00-01 (Solaris)
Hitachi uCosminexus Service Architect 08-00-01 (Linux)
Hitachi uCosminexus Service Architect 08-00-01 (Linux(x64)
Hitachi uCosminexus Service Architect 08-00-01 (Linux(IPF)
Hitachi uCosminexus Service Architect 08-00-01 (HP-UX(IPF)
Hitachi uCosminexus Service Architect 08-00-01 (AIX)
Hitachi uCosminexus Service Architect 08-00 (Windows)
Hitachi uCosminexus Service Architect 07-60 (Windows)
Hitachi uCosminexus Service Architect 07-50-10 (Windows)
Hitachi uCosminexus Service Architect 07-50-09 (Windows)
Hitachi uCosminexus Service Architect 07-50-02 (Windows)
Hitachi uCosminexus Service Architect 07-50-01 (Windows)
Hitachi uCosminexus Service Architect 07-50 (Windows)
Hitachi uCosminexus Service Architect 07-20-02 (Windows)
Hitachi uCosminexus Service Architect 07-20-01 (Windows)
Hitachi uCosminexus Service Architect 07-20 (Windows)
Hitachi uCosminexus Service Architect 07-10-01 (Windows)
Hitachi uCosminexus Service Architect 07-10 (Windows)
Hitachi uCosminexus Service Architect 07-03-03 (Linux(IPF)
Hitachi uCosminexus Service Architect 07-03-02 (Solaris)
Hitachi uCosminexus Service Architect 07-03-02 (HP-UX(IPF)
Hitachi uCosminexus Service Architect 07-00-10 (Windows)
Hitachi uCosminexus Service Architect 07-00-10 (AIX)
Hitachi uCosminexus Service Architect 07-00-09 (Linux)
Hitachi uCosminexus Service Architect 07-00-09 (AIX)
Hitachi uCosminexus Service Architect 07-00-06 (Solaris)
Hitachi uCosminexus Service Architect 07-00-06 (Linux(IPF)
Hitachi uCosminexus Service Architect 07-00-06 (HP-UX)
Hitachi uCosminexus Service Architect 07-00-06 (HP-UX(IPF)
Hitachi uCosminexus Service Architect 07-00-05 (Linux(x64)
Hitachi uCosminexus Service Architect 07-00-03 (Windows)
Hitachi uCosminexus Service Architect 07-00-03 (Linux)
Hitachi uCosminexus Service Architect 07-00-03 (AIX)
Hitachi uCosminexus Service Architect 07-00-02 (Windows)
Hitachi uCosminexus Service Architect 07-00-01 (Windows)
Hitachi uCosminexus Service Architect 07-00 (Windows)
Hitachi uCosminexus Service Architect 0
Hitachi uCosminexus Developer 07-50-01 (Windows)
Hitachi uCosminexus Developer 07-50 (Windows)
Hitachi uCosminexus Developer 07-20-01 (Windows)
Hitachi uCosminexus Developer 07-20 (Windows)
Hitachi uCosminexus Developer 07-10-01 (Windows)
Hitachi uCosminexus Developer 07-10 (Windows)
Hitachi uCosminexus Developer 07-00-03 (Windows)
Hitachi uCosminexus Developer 07-00-03 (Linux)
Hitachi uCosminexus Developer 07-00-03 (AIX)
Hitachi uCosminexus Developer 07-00 (Windows)
Hitachi uCosminexus Developer 06-71-/D (Windows)
Hitachi uCosminexus Developer 06-70-/D (Windows)
Hitachi uCosminexus Application Server 07-50-01 (Windows)
Hitachi uCosminexus Application Server 07-50 (Windows)
Hitachi uCosminexus Application Server 07-20-01 (Windows)
Hitachi uCosminexus Application Server 07-20 (Windows)
Hitachi uCosminexus Application Server 07-10-08 (HP-UX)
Hitachi uCosminexus Application Server 07-10-08 (HP-UX(IPF)
Hitachi uCosminexus Application Server 07-10-06 (Linux)
Hitachi uCosminexus Application Server 07-10-06 (Linux(IPF)
Hitachi uCosminexus Application Server 07-10-06 (AIX)
Hitachi uCosminexus Application Server 07-10-01 (Windows)
Hitachi uCosminexus Application Server 07-10-01 (Linux(IPF)
Hitachi uCosminexus Application Server 07-10-01 (HP-UX(IPF)
Hitachi uCosminexus Application Server 07-10 (Windows)
Hitachi uCosminexus Application Server 07-10 (Linux)
Hitachi uCosminexus Application Server 07-10 (Linux(IPF))
Hitachi uCosminexus Application Server 07-10 (HP-UX)
Hitachi uCosminexus Application Server 07-10 (HP-UX(IPF))
Hitachi uCosminexus Application Server 07-00-12 (Solaris)
Hitachi uCosminexus Application Server 07-00-12 (Linux)
Hitachi uCosminexus Application Server 07-00-12 (HP-UX(IPF)
Hitachi uCosminexus Application Server 07-00-12 (AIX)
Hitachi uCosminexus Application Server 07-00-03 (Windows)
Hitachi uCosminexus Application Server 07-00-03 (Linux)
Hitachi uCosminexus Application Server 07-00-03 (AIX)
Hitachi uCosminexus Application Server 07-00-01 (Solaris)
Hitachi uCosminexus Application Server 07-00-01 (Linux)
Hitachi uCosminexus Application Server 07-00 (Windows)
Hitachi uCosminexus Application Server 07-00 (Solaris)
Hitachi uCosminexus Application Server 07-00 (Linux)
Hitachi uCosminexus Application Server 07-00 (HP-UX(IPF))
Hitachi uCosminexus Application Server 07-00 (AIX)
Hitachi uCosminexus Application Server 06-71-/D (Windows)
Hitachi uCosminexus Application Server 06-71-/D (Linux)
Hitachi uCosminexus Application Server 06-71-/C (Linux)
Hitachi uCosminexus Application Server 06-70-/J (HP-UX(IPF)
Hitachi uCosminexus Application Server 06-70-/I (HP-UX(IPF)
Hitachi uCosminexus Application Server 06-70-/E (AIX)
Hitachi uCosminexus Application Server 06-70-/D (Windows
Hitachi uCosminexus Application Server 06-70-/D (Solaris)
Hitachi uCosminexus Application Server 06-70-/D (Linux)
Hitachi uCosminexus Application Server 06-70-/C (Linux(IPF)
Hitachi uCosminexus Application Server 06-70-/C (HP-UX)
Hitachi Hitachi Web Server 04-00 AIX
Hitachi Hitachi Web Server 03-00-02 (Windows)
Hitachi Hitachi Web Server 02-01 (AIX)
Hitachi Hitachi Web Server 01-02-/D (AIX)
Hitachi Cosminexus Developer Standard 6.0
Hitachi Cosminexus Developer Professional 6.0
Hitachi Cosminexus Developer 5.0
Hitachi Cosminexus Application Server Standard 6.0
Hitachi Cosminexus Application Server Enterprise 6.0
Hitachi Cosminexus Application Server 5.0
Fujitsu INTERSTAGE Studio Standard-J Edition 9.2
Fujitsu INTERSTAGE Studio Standard-J Edition 9.1
Fujitsu INTERSTAGE Studio Standard-J Edition 9.0
Fujitsu INTERSTAGE Studio Standard-J Edition 8.0.1
Fujitsu INTERSTAGE Studio Standard-J Edition 9.1.0 B
Fujitsu INTERSTAGE Studio Enterprise Edition 9.1
Fujitsu INTERSTAGE Studio Enterprise Edition 9.0
Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1
Fujitsu Interstage Business Application Server Enterprise Edition 8.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 7.0
Fujitsu INTERSTAGE Apworks Modelers-J Edition 6.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.2
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0.1
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.1
Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0
Fujitsu INTERSTAGE Application Server Standard-J Edition 9.1.0B
Fujitsu iNTERSTAGE Application Server Standard Edition 5.0
Fujitsu INTERSTAGE Application Server Plus Developer 5.0.1
Fujitsu INTERSTAGE Application Server Plus Developer 7.0
Fujitsu INTERSTAGE Application Server Plus Developer 6.0
Fujitsu Interstage Application Server Plus 7.0.1
Fujitsu Interstage Application Server Plus 6.0.2
Fujitsu Interstage Application Server Plus 6.0.1
Fujitsu Interstage Application Server Plus 5.0.1
Fujitsu Interstage Application Server Plus 6.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.2
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.2
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.3
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.2
Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0.2
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0.1
Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 6.0
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0 L11
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0 L10B
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0 L10A
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0 L10
Fujitsu INTERSTAGE Application Server Enterprise Edition 5.0
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 5
Avaya Voice Portal 5.1.2
Avaya Voice Portal 5.1.1
Avaya Voice Portal 5.1
Avaya Voice Portal 5.0
Avaya Meeting Exchange 6.0
Avaya Meeting Exchange 5.2
Avaya Meeting Exchange 5.1
Avaya Meeting Exchange 5.0
Avaya IP Office Application Server 8.1
Avaya IP Office Application Server 8.0
Avaya Aura Session Manager 6.1.3
Avaya Aura Session Manager 6.1.2
Avaya Aura Session Manager 6.1.1
Avaya Aura Session Manager 6.1
Avaya Aura Session Manager 6.0
Avaya Aura Session Manager 5.2
Avaya Aura Session Manager 1.1
Avaya Aura Session Manager 1.0
Avaya Aura Messaging 6.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Messaging 6.0.1
Avaya Aura Messaging 6.0
Avaya Aura Experience Portal 6.0
Avaya Aura Communication Manager Utility Services 6.2
Avaya Aura Communication Manager Utility Services 6.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Communication Manager Utility Services 6.0
Avaya Aura Communication Manager 6.0.1
Avaya Aura Communication Manager 6.0
Avaya Aura Application Enablement Services 5.2.1
Avaya Aura Application Enablement Services 6.1.1
Avaya Aura Application Enablement Services 6.1
Avaya Aura Application Enablement Services 5.2.3
Avaya Aura Application Enablement Services 5.2.2
Avaya Aura Application Enablement Services 5.2
Apple Mac OS X Server 10.6.8
Apache Software Foundation Apache 2.3
Apache Software Foundation Apache 2.2.3
Apache Software Foundation Apache 2.2.2
Apache Software Foundation Apache 2.4.2
Not Vulnerable:

Discussion

Apache HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Apache HTTP Server versions prior to 2.4.4 are vulnerable.

Exploit / POC

Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI.

Solution / Fix

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

References: