CVE-2012-0216

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
debianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
debianapache2
𝑥
≤ 2.2.16-6
debianapache2
𝑥
≤ 2.2.22-1
debianapache2
𝑥
≤ 2.2.22-3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apache2
bullseye
2.4.62-1~deb11u1
fixed
bullseye (security)
2.4.62-1~deb11u2
fixed
bookworm
2.4.62-1~deb12u1
fixed
bookworm (security)
2.4.62-1~deb12u2
fixed
sid
2.4.62-3
fixed
trixie
2.4.62-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apache2
quantal
not-affected
precise
ignored
oneiric
ignored
natty
ignored
lucid
ignored
hardy
ignored
References
http://www.debian.org/security/2012/dsa-2452
https://exchange.xforce.ibmcloud.com/vulnerabilities/75211
http://www.debian.org/security/2012/dsa-2452
https://exchange.xforce.ibmcloud.com/vulnerabilities/75211