CVE-2012-4001

The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:google:mod_pagespeed:*:*:*:*:*:*:*:*
cpe:2.3:a:google:mod_pagespeed:0.10.19.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:42

Type Values Removed Values Added
References () https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001 - Vendor Advisory () https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001 - Vendor Advisory
References () https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6 - Vendor Advisory () https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6 - Vendor Advisory

Information

Published : 2012-09-15 10:37

Updated : 2024-11-21 01:42


NVD link : CVE-2012-4001

Mitre link : CVE-2012-4001

CVE.ORG link : CVE-2012-4001


JSON object : View

Products Affected

apache

  • http_server

google

  • mod_pagespeed
CWE
CWE-20

Improper Input Validation