Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:60386
HistorySep 18, 2012 - 12:00 a.m.

Apache HTTP Server envvars本地权限提升漏洞

2012-09-1800:00:00
Root
www.seebug.org
780

0.0004 Low

EPSS

Percentile

10.9%

JSON

CVE ID: CVE-2012-0883

Apache HTTP Server是Apache软件基金会的一个开放源码的网页服务器,可以在大多数计算机操作系统中运行,由于其多平台和安全性被广泛使用,是最流行的Web服务器端软件之一。

Apache HTTP Server 2.4.2之前版本的envvars (即envvars-std)在LD_LIBRARY_PATH中放置了零长度的目录名称,可允许本地用户在执行apachectl过程中通过当前工作目录中的木马DSO获取权限。
0
Apache Group HTTP Server < 2.4.2
厂商补丁:

Apache Group

Apache Group已经为此发布了一个安全公告(Announcement2.2)以及相应补丁:

Announcement2.2:Apache HTTP Server 2.2.23 Released

链接:http://www.apache.org/dist/httpd/Announcement2.2.html

Related

prion 1
ubuntucve 1
cve 1
freebsd 2
httpd 2
nessus 17
openvas 14
seebug 2
debiancve 1
securityvulns 7
fedora 1
f5 2
altlinux 3
redhat 1
gentoo 1
prion
prion
Directory traversal
2012-04-18 10:33:00
ubuntucve
ubuntucve
CVE-2012-0883
2012-04-18 00:00:00
cve
cve
CVE-2012-0883
2012-04-18 10:33:00
freebsd
freebsd
Apache -- Insecure LD_LIBRARY_PATH handling
2012-03-02 00:00:00
apache22 -- several vulnerabilities
2012-09-13 00:00:00
httpd
httpd
Apache Httpd < 2.4.2 : insecure LD_LIBRARY_PATH handling
2012-02-14 00:00:00
Apache Httpd < 2.2.23 : insecure LD_LIBRARY_PATH handling
2012-02-14 00:00:00
nessus
nessus
FreeBSD : Apache -- Insecure LD_LIBRARY_PATH handling (de2bc01f-dc44-11e1-9f4d-002354ed89bc)
2012-08-02 00:00:00
Apache 2.4.x < 2.4.2 'LD_LIBRARY_PATH' Insecure Library Loading
2012-04-19 00:00:00
Apache 2.2 < 2.2.23 Multiple Vulnerabilities
2012-09-17 00:00:00
openvas
openvas
FreeBSD Ports: apache
2012-08-10 00:00:00
Apache HTTP Server Privilege Escalation Vulnerability (Mar 2012) - Linux
2021-11-01 00:00:00
FreeBSD Ports: apache
2012-08-10 00:00:00
seebug
seebug
Apache HTTP Server 'LD_LIBRARY_PATH'不安全库加载任意代码执行漏洞
2012-10-11 00:00:00
Apache HTTP Server 'LD_LIBRARY_PATH'不安全库装载任意代码执行漏洞
2012-04-20 00:00:00
debiancve
debiancve
CVE-2012-0883
2012-04-18 10:33:00
securityvulns
securityvulns
Apache security vulnerabilities
2012-10-01 00:00:00
[ MDVSA-2012:154 ] apache
2012-10-01 00:00:00
[security bulletin] HPSBMU02900 rev.2 - HP System Management Homepage &#40;SMH&#41; running on Linux and Windows, Multiple Remote and Local Vulnerabilities
2013-07-19 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: httpd-2.2.23-1.fc17
2013-02-12 04:59:23
f5
f5
SOL15899 - Multiple Apache vulnerabilities CVE-2012-4558, CVE-2012-0883, CVE-2011-3348, and CVE-2010-1452
2014-12-08 00:00:00
K15899 : Multiple Apache vulnerabilities CVE-2012-4558, CVE-2012-0883, CVE-2011-3348, and CVE-2010-1452
2014-12-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.24-alt1
2013-04-14 00:00:00
redhat
redhat
(RHSA-2012:1594) Important: JBoss Enterprise Application Platform 6.0.1 update
2012-12-18 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00

0.0004 Low

EPSS

Percentile

10.9%

JSON
Related for SSV:60386
prion1ubuntucve1cve1freebsd2httpd2nessus17openvas14seebug2debiancve1securityvulns7fedora1f52altlinux3redhat1gentoo1