CVE-2012-4001

N/A

Description

The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.

CVE Details

CVSS v3.1 ScoreN/A

Published9/15/2012

Last Modified4/29/2026

Sourcenvd

Honeypot Sightings0

Affected Products

apache:http_servergoogle:mod_pagespeed

Weaknesses (CWE)

CWE-20

References

https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001(cve@mitre.org)

https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6(cve@mitre.org)

https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001(af854a3a-2127-422b-91ae-364da2661108)

https://developers.google.com/speed/docs/mod_pagespeed/announce-0.10.22.6(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.