CVE-2012-4001

Description

The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.

Related CPE's

agooglemod_pagespeed0.10.19.1*******

agooglemod_pagespeed********

aapachehttp_server********

References

https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6

Vendor Advisory

https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

5

Created by Yello
About Severity.io