FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-5752

This CVE name corresponds to:

Entered Topic
2007-09-11 apache -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2006-5752
Phase Assigned (20061106)

Description

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

References

Source Reference
BUGTRAQ 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
MLIST [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112
CONFIRM http://svn.apache.org/viewvc?view=rev&revision=549159
CONFIRM https://issues.rpath.com/browse/RPL-1500
CONFIRM http://httpd.apache.org/security/vulnerabilities_13.html
CONFIRM http://httpd.apache.org/security/vulnerabilities_20.html
CONFIRM http://httpd.apache.org/security/vulnerabilities_22.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=186219
CONFIRM http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
AIXAPAR PK49295
AIXAPAR PK52702
FEDORA FEDORA-2007-2214
GENTOO GLSA-200711-06
HP HPSBUX02262
HP SSRT071447
MANDRIVA MDKSA-2007:140
MANDRIVA MDKSA-2007:141
MANDRIVA MDKSA-2007:142
REDHAT RHSA-2007:0532
REDHAT RHSA-2007:0534
REDHAT RHSA-2007:0556
REDHAT RHSA-2007:0533
REDHAT RHSA-2007:0557
REDHAT RHSA-2008:0261
SUNALERT 103179
SUNALERT 200032
SUSE SUSE-SA:2007:061
TRUSTIX 2007-0026
UBUNTU USN-499-1
BID 24645
OSVDB 37052
OVAL oval:org.mitre.oval:def:10154
SECUNIA 28606
VUPEN ADV-2007-2727
VUPEN ADV-2007-3283
VUPEN ADV-2007-3386
VUPEN ADV-2007-4305
SECTRACK 1018302
SECUNIA 25827
SECUNIA 25830
SECUNIA 25873
SECUNIA 25920
SECUNIA 26273
SECUNIA 26443
SECUNIA 26458
SECUNIA 26508
SECUNIA 26822
SECUNIA 26842
SECUNIA 26993
SECUNIA 27037
SECUNIA 27563
SECUNIA 27732
SECUNIA 28212
SECUNIA 28224
VUPEN ADV-2008-0233
XF apache-modstatus-xss(35097)