Lucene search
K

4 matches found

seebug.org
seebug.org
added 2012/09/18 12:0 a.m.30 views

Apache 'mod_pagespeed'模块跨站脚本执行和安全限制绕过漏洞

BUGTRAQ ID: 55536 CVE ID: CVE-2012-4001 CVE-2012-4360 modpagespeed是开源的Apache模块,可自动优化网页和资源。 Apache 'modpagespeed'模块存在跨站脚本执行和安全限制绕过漏洞,成功利用后可允许攻击者绕过某些安全限制、执行任意脚本代码、窃取Cookie身份验证凭证并执行某些管理员操作。 0 Apache Group modpagespeed 0.10.22.6 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

5CVSS6.4AI score0.01138EPSS
Exploits1
CVE
CVE
added 2012/09/15 10:0 a.m.180 views

CVE-2012-4001

CVE-2012-4001 affects the mod_pagespeed module for the Apache HTTP Server (versions before 0.10.22.6). The vulnerability arises from improper verification of the module’s host name, allowing remote attackers to trigger HTTP requests to arbitrary hosts (demonstrated via intranet targets) due to an...

5CVSS6.8AI score0.0068EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/09/13 12:0 a.m.32 views

FreeBSD : mod_pagespeed -- multiple vulnerabilities (178ba4ea-fd40-11e1-b2ae-001fd0af1a4c)

Google Reports : modpagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions : - CVE-2012-4001, a problem with validation of own host name. - CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the...

5CVSS5.1AI score0.01138EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2012/09/12 12:0 a.m.29 views

mod_pagespeed -- multiple vulnerabilities

Google Reports: modpagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions: CVE-2012-4001, a problem with validation of own host name. CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the first...

5CVSS5.9AI score0.01138EPSS
Exploits1References1
Rows per page
Query Builder