Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-0216

The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.

Related bugs and status

CVE-2012-0216 (Candidate) is related to these bugs:

Bug #1026797: Default /usr/share/doc serving should be removed (CVE-2012-0216)

Summary				In	Importance	Status
	1026797	Default /usr/share/doc serving should be removed (CVE-2012-0216)		apache2 (Ubuntu)	Low	Triaged

See the

CVE page on Mitre.org for more details.

References

DEBIAN: DSA-2452
XF: gnulinux-apache2-xss(7...