FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-0796

This CVE name corresponds to:

Entered: 2009-05-16
Topic: mod_perl -- cross-site scripting

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2009-0796
Phase: Assigned (20090304)

Description

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

References

Source Reference
BUGTRAQ 20090415 XSS with mod_perl perl_status utility
MLIST [modperl-cvs] 20090401 svn commit: r761081 - in /perl/modperl/branches/1.x: Changes lib/Apache/Status.pm
MLIST [modperl] 20090401 [SECURITY] [CVE-2009-0796] Vulnerability found in Apache::Status and Apache2::Status
MISC https://launchpad.net/bugs/cve/2009-0796
CONFIRM http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?r1=177851&r2=761081&pathrev=761081&diff_format=h
CONFIRM http://svn.apache.org/viewvc?view=rev&revision=761081
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=494402
CONFIRM http://support.apple.com/kb/HT4435
APPLE APPLE-SA-2010-11-10-1
MANDRIVA MDVSA-2009:091
SUNALERT 1021508
SUNALERT 1021709
BID 34383
OVAL oval:org.mitre.oval:def:8488
SECTRACK 1021988
SECUNIA 34597
VUPEN ADV-2009-0943