CVE-2006-5752: XSS

First published: Wed Jun 27 2007(Updated: )

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Apache HTTP server	>=1.3.2<1.3.39
Apache HTTP server	>=2.0.0<2.0.61
Apache HTTP server	>=2.2.0<2.2.6
Canonical Ubuntu Linux	=6.06
Canonical Ubuntu Linux	=6.10
Canonical Ubuntu Linux	=7.04
Fedoraproject Fedora	=7
Redhat Enterprise Linux Desktop	=3.0
Redhat Enterprise Linux Desktop	=4.0
Redhat Enterprise Linux Desktop	=5.0
Redhat Enterprise Linux Eus	=4.5
Redhat Enterprise Linux Server	=3.0
Redhat Enterprise Linux Server	=4.0
Redhat Enterprise Linux Server	=5.0
Redhat Enterprise Linux Workstation	=3.0
Redhat Enterprise Linux Workstation	=4.0
Redhat Enterprise Linux Workstation	=5.0

Remedy

http://www.securityfocus.com/bid/24645

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
collector/nvd-api
agent/severity
agent/references
agent/weakness
agent/author
agent/type
agent/event
agent/description
agent/first-publish-date
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/apache
canonical/apache http server
version/apache http server/2.2.0
version/apache http server/2.0.0
version/apache http server/1.3.2
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/7.04
version/canonical ubuntu linux/6.10
version/canonical ubuntu linux/6.06
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/7
vendor/redhat
canonical/redhat enterprise linux server
version/redhat enterprise linux server/5.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/3.0
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/5.0
version/redhat enterprise linux desktop/4.0
version/redhat enterprise linux desktop/5.0
version/redhat enterprise linux server/4.0
version/redhat enterprise linux workstation/4.0
version/redhat enterprise linux workstation/3.0
version/redhat enterprise linux server/3.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/4.5

CVE-2006-5752: XSS

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact