Vulnerability Details : CVE-2006-5752

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
Publish Date : 2007-06-27 Last Update Date : 2021-06-06

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	4.3
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	None (There is no impact to the availability of the system.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Cross Site Scripting
CWE ID	CWE id is not defined for this vulnerability

- Vendor Statements

Fixed in Apache HTTP Server 2.2.6, 2.0.61, and 1.3.39: http://httpd.apache.org/security/vulnerabilities_22.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_13.html
Source: Apache

- Additional Vendor Supplied Data

Vendor	Impact	CVSS Score	CVSS Vector	Report Date	Publish Date
Redhat	moderate			2007-06-20	2007-06-20

If you are a vendor and you have additional data which can be automatically imported into our database, please contact admin @ cvedetails.com

- Related OVAL Definitions

Title	Definition Id	Family
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when Ex...	oval:org.mitre.oval:def:10154	unix
CVE-2006-5752	oval:org.opensuse.security:def:20065752	unix
ELSA-2007:0556: httpd security update (Moderate)	oval:org.mitre.oval:def:22543	unix
mod_status cross-site scripting	oval:org.apache.httpd:def:20065752
RHSA-2007:0533: httpd security update (Moderate)	oval:com.redhat.rhsa:def:20070533	unix
RHSA-2007:0534: httpd security update (Moderate)	oval:com.redhat.rhsa:def:20070534	unix
RHSA-2007:0556: httpd security update (Moderate)	oval:com.redhat.rhsa:def:20070556	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2006-5752

#	Product Type	Vendor	Product	Version	Update	Edition	Language
No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.

- References For CVE-2006-5752

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
MLIST [httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

http://www.securityfocus.com/archive/1/505990/100/0/threaded
BUGTRAQ 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/35097
XF apache-modstatus-xss(35097)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154
OVAL oval:org.mitre.oval:def:10154

http://osvdb.org/37052
OSVDB 37052

http://www.vupen.com/english/advisories/2007/3386
VUPEN ADV-2007-3386

http://www.vupen.com/english/advisories/2007/3283
VUPEN ADV-2007-3283

http://www.vupen.com/english/advisories/2007/2727
VUPEN ADV-2007-2727

http://www.vupen.com/english/advisories/2007/4305
VUPEN ADV-2007-4305

http://www.vupen.com/english/advisories/2008/0233
VUPEN ADV-2008-0233

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
HP SSRT071447

http://www.redhat.com/support/errata/RHSA-2008-0261.html
REDHAT RHSA-2008:0261

http://lists.vmware.com/pipermail/security-announce/2009/000062.html
MLIST [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

http://secunia.com/advisories/28606
SECUNIA 28606

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1
SUNALERT 200032

http://secunia.com/advisories/28224
SECUNIA 28224

http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html CONFIRM

http://secunia.com/advisories/28212
SECUNIA 28212

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1
SUNALERT 103179

http://secunia.com/advisories/27732
SECUNIA 27732

http://secunia.com/advisories/27563
SECUNIA 27563

http://secunia.com/advisories/26822
SECUNIA 26822

http://secunia.com/advisories/26842
SECUNIA 26842

http://secunia.com/advisories/27037
SECUNIA 27037

http://secunia.com/advisories/26993
SECUNIA 26993