Vulnerability Description
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mod Pagespeed | <= 0.10.22.4 | |
| Apache | Http Server | All versions |
Related Weaknesses (CWE)
References
- https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001Vendor Advisory
- https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6Vendor Advisory
- https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001Vendor Advisory
- https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6Vendor Advisory
FAQ
What is CVE-2012-4001?
CVE-2012-4001 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified v...
How severe is CVE-2012-4001?
CVE-2012-4001 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4001?
Check the references section above for vendor advisories and patch information. Affected products include: Google Mod Pagespeed, Apache Http Server.