The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability bulletin CVE-2012-4558

Apache httpd: Cross Site Scripting of mod_proxy_balancer

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Apache httpd mod_proxy_balancer, in order to execute JavaScript code in the context of the web site.
Impacted products: Apache httpd, Debian, Fedora, NSMXpress, MBS, MES, Mandriva Linux, openSUSE, Solaris, RHEL, JBoss EAP by Red Hat, Slackware.
Severity: 2/4.
Creation date: 25/02/2013.
Identifiers: BID-58165, CERTA-2013-AVI-153, CERTA-2013-AVI-387, CERTFR-2014-AVI-112, CERTFR-2015-AVI-286, CVE-2012-4558, DSA-2637-1, FEDORA-2013-4541, JSA10685, MDVSA-2013:015, MDVSA-2013:015-1, openSUSE-SU-2013:0629-1, openSUSE-SU-2013:0632-1, RHSA-2013:0815-01, RHSA-2013:1012-01, RHSA-2013:1013-01, RHSA-2013:1207-01, RHSA-2013:1208-01, RHSA-2013:1209-01, SSA:2013-062-01, VIGILANCE-VUL-12458.

Description of the vulnerability

The Apache httpd mod_proxy_balancer module is used to balance the load between several mod_proxy services.

However, the manager interface of this module does not correctly validate received data before displaying them in the generated web document.

An attacker can therefore trigger a Cross Site Scripting in Apache httpd mod_proxy_balancer, in order to execute JavaScript code in the context of the web site.
Complete Vigil@nce bulletin.... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides network vulnerability bulletins. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.