CVE-2012-4558

Publication date 26 February 2013

Last updated 24 July 2024

Ubuntu priority

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
apache2	12.10 quantal	Fixed 2.2.22-6ubuntu2.2
	12.04 LTS precise	Fixed 2.2.22-1ubuntu1.3
	11.10 oneiric	Fixed 2.2.20-1ubuntu1.4
	10.04 LTS lucid	Fixed 2.2.14-5ubuntu8.11
	8.04 LTS hardy	Fixed 2.2.8-1ubuntu0.25

Notes

mdeslaur

same commit as CVE-2012-3499

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
apache2	Upstream: http://svn.apache.org/viewvc?view=revision&revision=1447390 Vendor: http://www.debian.org/security/2013/dsa-2637

References

Related Ubuntu Security Notices (USN)