Back to search
CVE-2006-5752
Published: Jun 27, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
28606
third-party-advisory
x_refsource_SECUNIA
26458
third-party-advisory
x_refsource_SECUNIA
MDKSA-2007:142
vendor-advisory
x_refsource_MANDRIVA
RHSA-2007:0533
vendor-advisory
x_refsource_REDHAT
26822
third-party-advisory
x_refsource_SECUNIA
apache-modstatus-xss(35097)
vdb-entry
x_refsource_XF
ADV-2007-4305
vdb-entry
x_refsource_VUPEN
RHSA-2007:0557
vendor-advisory
x_refsource_REDHAT
PK52702
vendor-advisory
x_refsource_AIXAPAR
MDKSA-2007:140
vendor-advisory
x_refsource_MANDRIVA
25827
third-party-advisory
x_refsource_SECUNIA
25920
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:10154
vdb-entry
signature
x_refsource_OVAL
26993
third-party-advisory
x_refsource_SECUNIA
28212
third-party-advisory
x_refsource_SECUNIA
27563
third-party-advisory
x_refsource_SECUNIA
27732
third-party-advisory
x_refsource_SECUNIA
103179
vendor-advisory
x_refsource_SUNALERT
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
x_refsource_CONFIRM
RHSA-2007:0556
vendor-advisory
x_refsource_REDHAT
http://httpd.apache.org/security/vulnerabilities_20.html
x_refsource_CONFIRM
24645
vdb-entry
x_refsource_BID
SUSE-SA:2007:061
vendor-advisory
x_refsource_SUSE
FEDORA-2007-2214
vendor-advisory
x_refsource_FEDORA
2007-0026
vendor-advisory
x_refsource_TRUSTIX
http://httpd.apache.org/security/vulnerabilities_22.html
x_refsource_CONFIRM
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112
x_refsource_MISC
ADV-2007-3386
vdb-entry
x_refsource_VUPEN
1018302
vdb-entry
x_refsource_SECTRACK
20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
mailing-list
x_refsource_BUGTRAQ
MDKSA-2007:141
vendor-advisory
x_refsource_MANDRIVA
ADV-2008-0233
vdb-entry
x_refsource_VUPEN
27037
third-party-advisory
x_refsource_SECUNIA
26443
third-party-advisory
x_refsource_SECUNIA
[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
mailing-list
x_refsource_MLIST
http://httpd.apache.org/security/vulnerabilities_13.html
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=rev&revision=549159
x_refsource_CONFIRM
GLSA-200711-06
vendor-advisory
x_refsource_GENTOO
RHSA-2007:0532
vendor-advisory
x_refsource_REDHAT
https://issues.rpath.com/browse/RPL-1500
x_refsource_CONFIRM
PK49295
vendor-advisory
x_refsource_AIXAPAR
28224
third-party-advisory
x_refsource_SECUNIA
200032
vendor-advisory
x_refsource_SUNALERT
SSRT071447
vendor-advisory
x_refsource_HP
HPSBUX02262
vendor-advisory
x_refsource_HP
37052
vdb-entry
x_refsource_OSVDB
25830
third-party-advisory
x_refsource_SECUNIA
USN-499-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2008:0261
vendor-advisory
x_refsource_REDHAT
26508
third-party-advisory
x_refsource_SECUNIA
http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm
x_refsource_CONFIRM
26842
third-party-advisory
x_refsource_SECUNIA
ADV-2007-3283
vdb-entry
x_refsource_VUPEN
ADV-2007-2727
vdb-entry
x_refsource_VUPEN
RHSA-2007:0534
vendor-advisory
x_refsource_REDHAT
26273
third-party-advisory
x_refsource_SECUNIA
25873
third-party-advisory
x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=186219
x_refsource_CONFIRM
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now