CVE-2009-0796
Published: 2009-04-07
Priority: P4 · Severity: low · CVSS 2.0 base score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
EXPLOIT · EPSS: 29.64% (98.0th percentile)
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | mod_perl | — | — |
| apache | mod_perl | — | — |
| debian | libapache2-mod-perl2 | < 2.0.4-6 (bookworm) | 2.0.4-6 |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests to the /perl-status endpoint for URI-encoded XSS payloads (for example the %22%3E%3Cscript%3E pattern in the URI path).
- The vulnerable endpoint is /perl-status. Alert on any external or untrusted access to this path: it is not served by a default configuration and must be explicitly enabled in httpd.conf.
- Inspect the URI component of requests to /perl-status for injected HTML or script tags; the vulnerability is triggered by unsanitized URI input passed through Status.pm.
- The vulnerability exists only when /perl-status has been made accessible; default Apache configurations are not affected.
- Both mod_perl1 (Apache::Status) and mod_perl2 (Apache2::Status) are affected; detection should cover both module variants.
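The three log-monitoring items above describe one check. As an added example that is not from the advisory, the vendors, or the mod_perl project, the Python script below applies it to Apache combined-format access-log lines. Apache logs the raw request line, so an encoded or double-encoded payload never appears as literal tags; the script therefore percent-decodes the request target until it stops changing, keeps only requests whose decoded path begins with /perl-status, and flags two things: markup in the URI, and a source address outside a trusted range. The trusted networks, the rule names, and the log lines are assumptions constructed for the example.

```python
"""Flag suspicious requests to mod_perl's /perl-status handler in Apache access logs.

Added example for this page; it is not code from the advisory or from mod_perl.
Log lines, trusted networks and rule names are constructed assumptions.
"""
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Apache "combined" format: host ident user [time] "method target proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) \S+'
)

# Assumption: only loopback and an admin LAN should ever reach the status page.
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("10.0.0.0/8")]

# Markup that has no business in a request to a status handler. The \b before "on"
# keeps ordinary parameter names such as "fileonly=" from tripping the rule.
MARKUP_RE = re.compile(r'[<>"]|javascript:|\bon[a-z]+\s*=', re.IGNORECASE)

# Constructed sample log lines (RFC 5737 documentation addresses for the externals).
SAMPLE_LOG = [
    # trusted admin host fetching the page normally
    '10.0.0.5 - - [07/Apr/2009:10:00:00 +0000] "GET /perl-status?noh_main HTTP/1.1" 200 1234 "-" "curl/7.19.5"',
    # external host sending the %22%3E%3Cscript%3E pattern named in the IOC list
    '203.0.113.7 - - [07/Apr/2009:10:01:13 +0000] "GET /perl-status/%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    # same payload, double percent-encoded to slip past a single-decode match
    '203.0.113.7 - - [07/Apr/2009:10:01:20 +0000] "GET /perl-status?%2522%253E%253Cscript%253E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    # markup aimed at a different path, not this handler
    '198.51.100.9 - - [07/Apr/2009:10:02:00 +0000] "GET /index.html%3E%3Cscript%3E HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    # external host probing the endpoint without a payload
    '198.51.100.9 - - [07/Apr/2009:10:03:00 +0000] "GET /perl-status HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
]


def decode_fully(s: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads (%2522...) are unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def analyze_line(line: str, trusted=TRUSTED_NETS):
    """Return a finding dict for a /perl-status request, or None if the line is irrelevant."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    path = decode_fully(urlsplit(target).path)
    # Deliberately a prefix match: over-matching a sibling path is cheaper than
    # missing an injected tag glued directly onto the handler name.
    if not path.startswith("/perl-status"):
        return None
    reasons = []
    try:
        src = ipaddress.ip_address(m.group("host"))
        if not any(src in net for net in trusted):
            reasons.append("untrusted_source")
    except ValueError:
        reasons.append("unparseable_source")  # hostname logged instead of an address
    decoded_uri = decode_fully(target)
    if MARKUP_RE.search(decoded_uri):
        reasons.append("markup_in_uri")
    return {"host": m.group("host"), "status": int(m.group("status")),
            "uri": target, "decoded_uri": decoded_uri, "reasons": reasons}


def scan(lines):
    """Return only the /perl-status requests that tripped at least one rule."""
    findings = []
    for line in lines:
        f = analyze_line(line)
        if f and f["reasons"]:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["host"], f["status"], ",".join(f["reasons"]), f["decoded_uri"])
```

Run it against a real log with `scan(open(path))`. The normal admin fetch and the payload aimed at /index.html produce nothing; the two encoded payloads and the bare external probe are reported. Treat "untrusted_source" hits on a 200 response as the priority: they mean the handler is reachable from outside, which is the precondition the advisory names, and the remedy is an access restriction on the /perl-status Location block rather than a signature.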
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N |
| osv | — | 2.6 | LOW | — |
| vendor_debian | — | 2.6 | LOW | — |
| vendor_redhat | — | 2.6 | LOW | — |
GHSA
GHSA-22g4-6c36-68p9: Cross-site scripting (XSS) vulnerability in Status
Source: ghsa (unreviewed) · 2022-05-02 · Severity: LOW · CWE-79
OSV
CVE-2009-0796: Cross-site scripting (XSS) vulnerability in Status
Source: osv · 2009-04-07 · CVSS 2.6 · Severity: LOW
Red Hat
Apache::Status XSS flaw
Source: vendor_redhat · 2009-04-01 · CVSS 2.6 · Severity: LOW · CWE-79
Statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0796
Red Hat Product Security has rated this issue as having moderate security impact; a future mod_perl package update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/
Debian
CVE-2009-0796: libapache2-mod-perl2 - Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apac...
Source: vendor_debian · 2009 · CVSS 2.6 · Severity: LOW
Scope: local
bookworm: resolved (fixed in 2.0.4-6)
bullseye: resolved (fixed in 2.0.4-6)
forky: resolved (fixed in 2.0.4-6)
sid: resolved (fixed in 2.0.4-6)
trixie: resolved (fixed in 2.0.4-6)
No detection rules found.
References
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://secunia.com/advisories/34597
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021709.1-1
- http://support.apple.com/kb/HT4435
- http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?r1=177851&r2=761081&pathrev=761081&diff_format=h
- http://svn.apache.org/viewvc?view=rev&revision=761081
- http://www.gossamer-threads.com/lists/modperl/modperl-cvs/99477#99477
- http://www.gossamer-threads.com/lists/modperl/modperl/99475#99475
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:091
- http://www.securityfocus.com/archive/1/502709/100/0/threaded
- http://www.securityfocus.com/bid/34383
- http://www.securitytracker.com/id?1021988
- http://www.vupen.com/english/advisories/2009/0943
- https://bugzilla.redhat.com/show_bug.cgi?id=494402
- https://launchpad.net/bugs/cve/2009-0796
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8488