CVE - CVE-2006-5752

CVE-ID
CVE-2006-5752	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://www.securityfocus.com/archive/1/505990/100/0/threaded MLIST:[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://lists.vmware.com/pipermail/security-announce/2009/000062.html MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112 CONFIRM:http://svn.apache.org/viewvc?view=rev&revision=549159 CONFIRM:https://issues.rpath.com/browse/RPL-1500 CONFIRM:http://httpd.apache.org/security/vulnerabilities_13.html CONFIRM:http://httpd.apache.org/security/vulnerabilities_20.html CONFIRM:http://httpd.apache.org/security/vulnerabilities_22.html CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=186219 CONFIRM:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html AIXAPAR:PK49295 URL:http://www-1.ibm.com/support/search.wss?rs=0&q=PK49295&apar=only AIXAPAR:PK52702 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702 FEDORA:FEDORA-2007-2214 URL:http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html GENTOO:GLSA-200711-06 URL:http://security.gentoo.org/glsa/glsa-200711-06.xml HP:HPSBUX02262 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 HP:SSRT071447 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 MANDRIVA:MDKSA-2007:140 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:140 MANDRIVA:MDKSA-2007:141 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:141 MANDRIVA:MDKSA-2007:142 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:142 REDHAT:RHSA-2007:0532 URL:http://www.redhat.com/support/errata/RHSA-2007-0532.html REDHAT:RHSA-2007:0534 URL:http://rhn.redhat.com/errata/RHSA-2007-0534.html REDHAT:RHSA-2007:0556 URL:http://rhn.redhat.com/errata/RHSA-2007-0556.html REDHAT:RHSA-2007:0533 URL:https://rhn.redhat.com/errata/RHSA-2007-0533.html REDHAT:RHSA-2007:0557 URL:http://www.redhat.com/support/errata/RHSA-2007-0557.html REDHAT:RHSA-2008:0261 URL:http://www.redhat.com/support/errata/RHSA-2008-0261.html SUNALERT:103179 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1 SUNALERT:200032 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1 SUSE:SUSE-SA:2007:061 URL:http://www.novell.com/linux/security/advisories/2007_61_apache2.html TRUSTIX:2007-0026 URL:http://www.trustix.org/errata/2007/0026/ UBUNTU:USN-499-1 URL:http://www.ubuntu.com/usn/usn-499-1 BID:24645 URL:http://www.securityfocus.com/bid/24645 OSVDB:37052 URL:http://osvdb.org/37052 OVAL:oval:org.mitre.oval:def:10154 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154 VUPEN:ADV-2007-2727 URL:http://www.vupen.com/english/advisories/2007/2727 VUPEN:ADV-2007-3283 URL:http://www.vupen.com/english/advisories/2007/3283 VUPEN:ADV-2007-3386 URL:http://www.vupen.com/english/advisories/2007/3386 VUPEN:ADV-2007-4305 URL:http://www.vupen.com/english/advisories/2007/4305 SECTRACK:1018302 URL:http://www.securitytracker.com/id?1018302 SECUNIA:25827 URL:http://secunia.com/advisories/25827 SECUNIA:25830 URL:http://secunia.com/advisories/25830 SECUNIA:25873 URL:http://secunia.com/advisories/25873 SECUNIA:25920 URL:http://secunia.com/advisories/25920 SECUNIA:26273 URL:http://secunia.com/advisories/26273 SECUNIA:26443 URL:http://secunia.com/advisories/26443 SECUNIA:26458 URL:http://secunia.com/advisories/26458 SECUNIA:26508 URL:http://secunia.com/advisories/26508 SECUNIA:26822 URL:http://secunia.com/advisories/26822 SECUNIA:26842 URL:http://secunia.com/advisories/26842 SECUNIA:26993 URL:http://secunia.com/advisories/26993 SECUNIA:27037 URL:http://secunia.com/advisories/27037 SECUNIA:27563 URL:http://secunia.com/advisories/27563 SECUNIA:27732 URL:http://secunia.com/advisories/27732 SECUNIA:28212 URL:http://secunia.com/advisories/28212 SECUNIA:28224 URL:http://secunia.com/advisories/28224 SECUNIA:28606 URL:http://secunia.com/advisories/28606 VUPEN:ADV-2008-0233 URL:http://www.vupen.com/english/advisories/2008/0233 XF:apache-modstatus-xss(35097) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35097
Assigning CNA
N/A
Date Entry Created
20061106	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20061106)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org