CVE-2007-6388 — Cross-site Scripting in Apache Http Server

CWE-79 — Cross-site Scripting7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

85.0%

top 0.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedJan 8

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server1.3.2 — 1.3.39+2

Patches

Patch: www.mandriva.com ↗Patch: www116.nortel.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-www7-pq67-9w24: Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2↗2022-05-01

▶

CVEList

CVE-2007-6388: Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2↗2008-01-08

▶

OSV

CVE-2007-6388: Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2↗2008-01-08

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2008-02-04

▶

Red Hat

apache mod_status cross-site scripting↗2007-12-29

▶

Debian

CVE-2007-6388: apache2 - Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server...↗2007

▶