VYPR
Unrated severityNVD Advisory· Published Apr 18, 2012· Updated Jun 16, 2026

CVE-2012-0883

CVE-2012-0883

Description

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*range: >=2.2.0,<2.2.23
    • cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
    • (no CPE)range: < 2.4.2
  • OpenSUSE/openSUSE2 versions
    cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

32

News mentions

0

No linked articles in our index yet.