CVE-2009-0796
published 2009-04-07

Priority: P4 · 21 · low · 2.6 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 29.64% (98.0th percentile)

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
apache | mod_perl | |
apache | mod_perl | |
debian | libapache2-mod-perl2 | < libapache2-mod-perl2 2.0.4-6 (bookworm) | libapache2-mod-perl2 2.0.4-6 (bookworm)

Detection & IOCs (extracted from sources)

url: http://www.example.com/perl-status/APR::SockAddr::port/%22%3E%3Cscript%3Ealert(1)%3C/script%3E
path: /perl-status
  • Monitor HTTP requests to /perl-status endpoint for URI-encoded XSS payloads (e.g., %22%3E%3Cscript%3E patterns in the URI path)
  • The vulnerable endpoint is /perl-status — alert on any external/untrusted access to this path, as it is a non-default configuration that must be explicitly enabled in httpd.conf
  • Inspect the URI component of requests to /perl-status for injected HTML/script tags, as the vulnerability is triggered via unsanitized URI input passed through Status.pm
  • The vulnerability only exists when /perl-status is explicitly made accessible; default Apache configurations are NOT affected
  • Both mod_perl1 (Apache::Status) and mod_perl2 (Apache2::Status) are affected; detection should cover both module variants
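
The log checks described in the bullets above, as an added example (not part of the original page or of mod_perl). It assumes the Apache common/combined access-log format; the trusted ranges, the finding names and all sample lines except the first URI are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumption: Apache common/combined access-log format.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+) [^"]*" \d{3}')
STATUS_PATH = "/perl-status"  # path named on this page
# Assumption: ranges allowed to view the status page; replace with your own.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]
MARKUP = re.compile(r"[<>\"']")  # characters that can break out of HTML context

def fully_decode(text, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is normalised too."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:  # hostname logged instead of an address
        return False
    return any(addr in net for net in TRUSTED)

def classify(line):
    """Return None for unrelated lines, else the list of findings for a /perl-status request."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Apache merges repeated slashes before matching <Location>, so do the same here.
    path = re.sub(r"/+", "/", fully_decode(m["uri"].split("?", 1)[0]))
    if path != STATUS_PATH and not path.startswith(STATUS_PATH + "/"):
        return None
    findings = []
    if MARKUP.search(fully_decode(m["uri"])):
        findings.append("markup-in-uri")
    if not is_trusted(m["src"]):
        findings.append("untrusted-source")
    return findings

# Constructed sample lines; the first URI is the one listed on this page.
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Apr/2009:10:00:00 +0000] "GET /perl-status/APR::SockAddr::port/%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '10.0.0.5 - - [07/Apr/2009:10:01:00 +0000] "GET /perl-status HTTP/1.1" 200 2048',
    '203.0.113.9 - - [07/Apr/2009:10:02:00 +0000] "GET /perl-status/%253Cb%253E HTTP/1.1" 200 300',
    '198.51.100.2 - - [07/Apr/2009:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]
```

An empty list means a /perl-status request from a trusted range with no markup in the URI; the check is path-based, so it covers Apache::Status and Apache2::Status alike.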

CVSS provenance

nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:P/A:N
osv | 2.6 | LOW
vendor_debian | 2.6 | LOW
vendor_redhat | 2.6 | LOW