Executive Summary

Information
Name: CVE-2012-0216
First vendor Publication: 2012-04-22
Vendor: Cve
Last vendor Modification: 2012-08-13

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score: 4.4
Cvss Impact Score: 6.4
Cvss Exploit Score: 3.4
Attack Range: Local
Attack Complexity: Medium
Authentication: None Required

Detail

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0216

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20114
 
Oval ID: oval:org.mitre.oval:def:20114
Title: DSA-2452-1 apache2 - insecure default configuration
Description: Niels Heinen noticed a security issue with the default Apache configuration on Debian if certain scripting modules like mod_php or mod_rivet are installed. The problem arises because the directory /usr/share/doc, which is mapped to the URL /doc, may contain example scripts that can be executed by requests to this URL. Although access to the URL /doc is restricted to connections from localhost, this still creates security issues in two specific configurations.
Family: unix
Class: patch
Reference(s): DSA-2452-1, CVE-2012-0216
Version: 5
Platform(s): Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product(s): apache2
Definition Synopsis:

CPE : Common Platform Enumeration

Type: Application
Count: 3

OpenVAS Exploits

Date: 2012-04-30
Name : Debian Security Advisory DSA 2452-1 (apache2)
File : nvt/deb_2452_1.nasl

Nessus® Vulnerability Scanner

Date: 2012-04-16
Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2452.nasl
Type : ACT_GATHER_INFO

Internal Sources (Detail)

DEBIAN : http://www.debian.org/security/2012/dsa-2452
XF : http://xforce.iss.net/xforce/xfdb/75211

Alert History

2014-02-17 11:07:14: Multiple Updates
2013-05-10 22:31:59: Multiple Updates