CVE-2012-0216 (retired)

The default configuration of the apache2 package in Debian GNU/Linux
squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before
2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under
the doc/ URI, which might allow local users to conduct cross-site scripting
(XSS) attacks, gain privileges, or obtain sensitive information via vectors
involving localhost HTTP requests to the Apache HTTP Server.
 mdeslaur> fixing this requires a conf file change, which we try not to
 mdeslaur> do in security updates. Marking as ignored since we will not
 mdeslaur> fix this in stable releases. Workaround is simply for the admin
 mdeslaur> to remove the doc directory in the conf files.
Upstream:released (2.2.22-4)
More Information

Updated: 2019-09-19 15:39:19 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)