CVE-2012-0883
Description
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
Related CPE's
References
Vendor Advisory
PatchVendor Advisory
Broken Link
Broken LinkThird Party AdvisoryVDB Entry
Issue TrackingMailing ListThird Party Advisory
Not Applicable
Mailing ListThird Party Advisory
Mailing ListThird Party Advisory
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
Third Party Advisory
Broken Link
Broken LinkMailing List
Broken LinkThird Party Advisory
Vendor Advisory
Third Party AdvisoryVDB Entry
Third Party AdvisoryVDB Entry
Release NotesThird Party Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
Mailing ListVendor Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Version | 2.0 |
VectorString | AV:L/AC:M/Au:N/C:C/I:C/A:C |
AccessVector | LOCAL |
AccessComplexity | MEDIUM |
Authentication | NONE |
ConfidentialityImpact | COMPLETE |
IntegrityImpact | COMPLETE |
AvailabilityImpact | COMPLETE |
BaseScore | 6.900000095367432 |