Description

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

Remediation

References

CVE-2012-0883

Related Vulnerabilities

PHP Out-of-bounds Read Vulnerability (CVE-2016-6294)

IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1476)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.8)

WordPress Plugin WP-Predict 'predictId' Parameter Blind SQL Injection (1.0)

WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Unspecified Vulnerability (2.2.4.1)

Severity

Medium

Classification

CVE-2012-0883

Tags

Missing Update Known Vulnerabilities