CVE-2006-5752Cross-site Scripting in Apache Http Server

CWE-79Cross-site Scripting8 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
18.4%
top 4.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apache Http ServerCanonical Ubuntu LinuxFedoraproject Fedora+4 more
Timeline
PublishedJun 27
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

NVDapache/http_server1.3.21.3.39+2
NVDredhat/enterprise_linux_server3.0, 4.0, 5.0+2
NVDredhat/enterprise_linux_desktop3.0, 4.0, 5.0+2

Also affects: Fedora 7, Ubuntu Linux 6.06, 6.10, 7.04, Enterprise Linux 4.5

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-jp93-qpwr-857r: Cross-site scripting (XSS) vulnerability in mod_status2022-05-01
CVEList
CVE-2006-5752: Cross-site scripting (XSS) vulnerability in mod_status2007-06-27
OSV
CVE-2006-5752: Cross-site scripting (XSS) vulnerability in mod_status2007-06-27

📋Vendor Advisories

3
Ubuntu
Apache vulnerabilities2007-08-17
Red Hat
httpd mod_status XSS2007-06-20
Debian
CVE-2006-5752: apache2 - Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status modul...2006

💬Community

1
Bugzilla
CVE-2006-5752 httpd mod_status XSS2007-06-21
CVE-2006-5752 — Cross-site Scripting in Apache | cvebase