The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
References
Link | Resource |
---|---|
https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001 | Vendor Advisory |
https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2012-09-15 10:37
Updated : 2024-02-28 12:00
NVD link : CVE-2012-4001
Mitre link : CVE-2012-4001
CVE.ORG link : CVE-2012-4001
JSON object : View
Products Affected
apache
- http_server
- mod_pagespeed
CWE
CWE-20
Improper Input Validation