CVE Vulnerabilities

CVE-2012-0883

Published: Apr 18, 2012 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

Affected Software

Name Vendor Start Version End Version
Http_server Apache 2.2.0 *
Http_server Apache 2.4.1 2.4.1

References