Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0796

CWE-79Cross-site Scripting (XSS)8 documents8 sources
Severity
2.6LOW
EPSS
60.7%
top 1.71%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache MOD Perl
Timeline
PublishedApr 7
Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

Debianlibapache2-mod-perl2< 2.0.4-6+3
NVDapache/mod_perl1, 2+1

Patches

Patch: svn.apache.orgPatch: svn.apache.org

🔴Vulnerability Details

3
GHSA
GHSA-22g4-6c36-68p9: Cross-site scripting (XSS) vulnerability in Status2022-05-02
CVEList
CVE-2009-0796: Cross-site scripting (XSS) vulnerability in Status2009-04-07
OSV
CVE-2009-0796: Cross-site scripting (XSS) vulnerability in Status2009-04-07

💥Exploits & PoCs

1
Exploit-DB
Apache mod_perl - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting2009-11-09

📋Vendor Advisories

2
Red Hat
Apache:: Status XSS flaw2009-04-01
Debian
CVE-2009-0796: libapache2-mod-perl2 - Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apac...2009

💬Community

1
Bugzilla
CVE-2009-0796 httpd mod_perl Apache::Status XSS flaw2009-04-06
CVE-2009-0796 (LOW CVSS 2.6) | Cross-site scripting (XSS) vulnerab | cvebase.io