The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
References
| Link | Resource |
|---|---|
| https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001 | Vendor Advisory |
| https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6 | Vendor Advisory |
| https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001 | Vendor Advisory |
| https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
21 Nov 2024, 01:42
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001 - Vendor Advisory | |
| References | () https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6 - Vendor Advisory |
Information
Published : 2012-09-15 10:37
Updated : 2024-11-21 01:42
NVD link : CVE-2012-4001
Mitre link : CVE-2012-4001
CVE.ORG link : CVE-2012-4001
JSON object : View
Products Affected
apache
- http_server
- mod_pagespeed
CWE
CWE-20
Improper Input Validation