Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
canonical ubuntu linux 7.04 |
||
canonical ubuntu linux 6.10 |
||
canonical ubuntu linux 6.06 |
||
fedoraproject fedora 7 |
||
redhat enterprise linux server 5.0 |
||
redhat enterprise linux desktop 3.0 |
||
redhat enterprise linux workstation 5.0 |
||
redhat enterprise linux desktop 4.0 |
||
redhat enterprise linux desktop 5.0 |
||
redhat enterprise linux server 4.0 |
||
redhat enterprise linux workstation 4.0 |
||
redhat enterprise linux workstation 3.0 |
||
redhat enterprise linux server 3.0 |
||
redhat enterprise linux eus 4.5 |