CVE-2006-5752

Current Description

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

Basic Data

PublishedJune 27, 2007
Last ModifiedOctober 17, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score4.3
SeverityMEDIUM
Exploitability Score8.6
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSRedhatEnterprise Linux2.1*es*****
      2.3OSRedhatEnterprise Linux2.1*ia64*****
      2.3OSRedhatEnterprise Linux2.1*ws*****
      2.3OSRedhatEnterprise Linux3.0*as*****
      2.3OSRedhatEnterprise Linux3.0*es*****
      2.3OSRedhatEnterprise Linux3.0*ws*****
      2.3OSRedhatEnterprise Linux4.0*as*****
      2.3OSRedhatEnterprise Linux4.0*es*****
      2.3OSRedhatEnterprise Linux4.0*ws*****
      2.3OSRedhatEnterprise Linux5.0*desktop*****
      2.3OSRedhatEnterprise Linux5.0*desktop_workstation*****
      2.3OSRedhatEnterprise Linux Desktop3.0*******
      2.3OSRedhatEnterprise Linux Desktop4.0*******
      2.3OSRedhatLinux Advanced Workstation2.1*ia64*****
      2.3OSRedhatLinux Advanced Workstation2.1*itanium*****
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationApacheHttp Server2.2.0*******
      2.3ApplicationApacheHttp Server2.2.3*******
      2.3ApplicationApacheHttp Server2.2.4*******

Vulnerable Software List

VendorProductVersions
Apache Http Server 2.2.0, 2.2.3, 2.2.4

References

NameSourceURLTags
http://bugs.gentoo.org/show_bug.cgi?id=186219http://bugs.gentoo.org/show_bug.cgi?id=186219CONFIRM
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112MISC
SSRT071447http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795HP
http://httpd.apache.org/security/vulnerabilities_13.htmlhttp://httpd.apache.org/security/vulnerabilities_13.htmlCONFIRM
http://httpd.apache.org/security/vulnerabilities_20.htmlhttp://httpd.apache.org/security/vulnerabilities_20.htmlCONFIRM
http://httpd.apache.org/security/vulnerabilities_22.htmlhttp://httpd.apache.org/security/vulnerabilities_22.htmlCONFIRM
[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Serverhttp://lists.vmware.com/pipermail/security-announce/2009/000062.htmlMLIST
37052http://osvdb.org/37052OSVDB
RHSA-2007:0534http://rhn.redhat.com/errata/RHSA-2007-0534.htmlREDHAT
RHSA-2007:0556http://rhn.redhat.com/errata/RHSA-2007-0556.htmlREDHAT
25827http://secunia.com/advisories/25827SECUNIA
25830http://secunia.com/advisories/25830SECUNIA
25873http://secunia.com/advisories/25873SECUNIA
25920http://secunia.com/advisories/25920SECUNIA
26273http://secunia.com/advisories/26273SECUNIA
26443http://secunia.com/advisories/26443SECUNIA
26458http://secunia.com/advisories/26458SECUNIA
26508http://secunia.com/advisories/26508SECUNIA
26822http://secunia.com/advisories/26822SECUNIA
26842http://secunia.com/advisories/26842SECUNIA
26993http://secunia.com/advisories/26993SECUNIA
27037http://secunia.com/advisories/27037SECUNIA
27563http://secunia.com/advisories/27563SECUNIA
27732http://secunia.com/advisories/27732SECUNIA
28212http://secunia.com/advisories/28212SECUNIA
28224http://secunia.com/advisories/28224SECUNIA
28606http://secunia.com/advisories/28606SECUNIA
GLSA-200711-06http://security.gentoo.org/glsa/glsa-200711-06.xmlGENTOO
103179http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1SUNALERT
200032http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1SUNALERT
http://support.avaya.com/elmodocs2/security/ASA-2007-353.htmhttp://support.avaya.com/elmodocs2/security/ASA-2007-353.htmCONFIRM
http://svn.apache.org/viewvc?view=rev&revision=549159http://svn.apache.org/viewvc?view=rev&revision=549159CONFIRM
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.htmlhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.htmlCONFIRM
MDKSA-2007:140http://www.mandriva.com/security/advisories?name=MDKSA-2007:140MANDRIVA
MDKSA-2007:141http://www.mandriva.com/security/advisories?name=MDKSA-2007:141MANDRIVA
MDKSA-2007:142http://www.mandriva.com/security/advisories?name=MDKSA-2007:142MANDRIVA
SUSE-SA:2007:061http://www.novell.com/linux/security/advisories/2007_61_apache2.htmlSUSE
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.htmlhttp://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.htmlCONFIRM
FEDORA-2007-2214http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.htmlFEDORA
RHSA-2007:0532http://www.redhat.com/support/errata/RHSA-2007-0532.htmlREDHAT
RHSA-2007:0557http://www.redhat.com/support/errata/RHSA-2007-0557.htmlREDHAT
RHSA-2008:0261http://www.redhat.com/support/errata/RHSA-2008-0261.htmlREDHAT
20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Serverhttp://www.securityfocus.com/archive/1/505990/100/0/threadedBUGTRAQ
24645http://www.securityfocus.com/bid/24645BIDPATCH
1018302http://www.securitytracker.com/id?1018302SECTRACK
2007-0026http://www.trustix.org/errata/2007/0026/TRUSTIX
USN-499-1http://www.ubuntu.com/usn/usn-499-1UBUNTU
ADV-2007-2727http://www.vupen.com/english/advisories/2007/2727VUPEN
ADV-2007-3283http://www.vupen.com/english/advisories/2007/3283VUPEN
ADV-2007-3386http://www.vupen.com/english/advisories/2007/3386VUPEN
ADV-2007-4305http://www.vupen.com/english/advisories/2007/4305VUPEN
ADV-2008-0233http://www.vupen.com/english/advisories/2008/0233VUPEN
PK52702http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702AIXAPAR
PK49295http://www-1.ibm.com/support/search.wss?rs=0&q=PK49295&apar=onlyAIXAPAR
apache-modstatus-xss(35097)https://exchange.xforce.ibmcloud.com/vulnerabilities/35097XF
https://issues.rpath.com/browse/RPL-1500https://issues.rpath.com/browse/RPL-1500CONFIRM
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3CcvsMLIST
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3CcvsMLIST
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3CcvsMLIST
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3CcvsMLIST
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3CcvMLIST
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3CcvMLIST
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3CcvMLIST
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3CcvMLIST
oval:org.mitre.oval:def:10154https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154OVAL
RHSA-2007:0533https://rhn.redhat.com/errata/RHSA-2007-0533.htmlREDHAT