4 matches found
Apache 'mod_pagespeed'模块跨站脚本执行和安全限制绕过漏洞
BUGTRAQ ID: 55536 CVE ID: CVE-2012-4001 CVE-2012-4360 modpagespeed是开源的Apache模块,可自动优化网页和资源。 Apache 'modpagespeed'模块存在跨站脚本执行和安全限制绕过漏洞,成功利用后可允许攻击者绕过某些安全限制、执行任意脚本代码、窃取Cookie身份验证凭证并执行某些管理员操作。 0 Apache Group modpagespeed 0.10.22.6 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
CVE-2012-4001
CVE-2012-4001 affects the mod_pagespeed module for the Apache HTTP Server (versions before 0.10.22.6). The vulnerability arises from improper verification of the module’s host name, allowing remote attackers to trigger HTTP requests to arbitrary hosts (demonstrated via intranet targets) due to an...
FreeBSD : mod_pagespeed -- multiple vulnerabilities (178ba4ea-fd40-11e1-b2ae-001fd0af1a4c)
Google Reports : modpagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions : - CVE-2012-4001, a problem with validation of own host name. - CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the...
mod_pagespeed -- multiple vulnerabilities
Google Reports: modpagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions: CVE-2012-4001, a problem with validation of own host name. CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the first...