NVD

Id
42945  
Name
CVE-2012-0883  
Description
envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.  
Reject
 
CVSS Version
2  
CVSS Score
6.9  
Severity
Medium  
CVSS Base Score
6.9  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.4  
CVSS Vector
(AV:L/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2012-04-18  
Modified Date
2017-01-06  
Seq
2012-0883  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
216226 42945 CVE-2012-0883 [dev] 20120417 [ANNOUNCEMENT] Apache HTTP Server 2.4.2 Released  View
216227 42945 CVE-2012-0883 APPLE-SA-2013-09-12-1  View
216228 42945 CVE-2012-0883 openSUSE-SU-2013:0243  View
216229 42945 CVE-2012-0883 openSUSE-SU-2013:0248  View
216230 42945 CVE-2012-0883 SSRT100856  View
216231 42945 CVE-2012-0883 http://support.apple.com/kb/HT5880  View
216232 42945 CVE-2012-0883 http://svn.apache.org/viewvc?view=revision&revision=1296428  View
216233 42945 CVE-2012-0883 http://www.apache.org/dist/httpd/Announcement2.4.html  View
216234 42945 CVE-2012-0883 1026932  View
216235 42945 CVE-2012-0883 http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf  View
216236 42945 CVE-2012-0883 HPSBMU02900  View
216237 42945 CVE-2012-0883 https://httpd.apache.org/security/vulnerabilities_24.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
26387 JVNDB-2012-002094 Apache HTTP Server の envvars における権限を取得される脆弱性 Apache HTTP Server の envvars には、LD_LIBRARY_PATH に長さゼロのディレクトリ名を配置することで、権限を取得される脆弱性が存在します。 CVE-2012-0883 54121 CVE-2012-0883 42945 6.9 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-002094.html 2012-03-02 2016-08-02 View