envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
References
Configurations
History
07 Nov 2023, 02:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2012-04-18 10:33
Updated : 2024-02-28 12:00
NVD link : CVE-2012-0883
Mitre link : CVE-2012-0883
CVE.ORG link : CVE-2012-0883
JSON object : View
Products Affected
apache
- http_server
opensuse
- opensuse
CWE