Published: 08/01/2008 Updated: 02/02/2024

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Http Server

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 up to and including 2.2.6, 2.0.35 up to and including 2.0.61, and 1.3.2 up to and including 1.3.39, when the server-status page is enabled, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache http server

It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a craf ...

CWE-79 http://httpd.apache.org/security/vulnerabilities_13.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://securitytracker.com/id?1019154 http://www.mandriva.com/security/advisories?name=MDVSA-2008:014 http://www.mandriva.com/security/advisories?name=MDVSA-2008:015 http://www.redhat.com/support/errata/RHSA-2008-0004.html http://www.redhat.com/support/errata/RHSA-2008-0005.html http://www.redhat.com/support/errata/RHSA-2008-0006.html http://www.redhat.com/support/errata/RHSA-2008-0007.html http://www.redhat.com/support/errata/RHSA-2008-0008.html http://www.securityfocus.com/bid/27237 http://secunia.com/advisories/28467 http://secunia.com/advisories/28471 http://www.mandriva.com/security/advisories?name=MDVSA-2008:016 http://secunia.com/advisories/28526 http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm http://secunia.com/advisories/28607 http://www.ubuntu.com/usn/usn-575-1 http://secunia.com/advisories/28749 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=689039 http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf http://secunia.com/advisories/28965 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748 http://secunia.com/advisories/28977 http://secunia.com/advisories/28922 http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1 http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/29420 http://www-1.ibm.com/support/search.wss?rs=0&q=PK59667&apar=only http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966 http://secunia.com/advisories/29504 http://securityreason.com/securityalert/3541 http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://secunia.com/advisories/29640 http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273 http://secunia.com/advisories/29806 http://www.redhat.com/support/errata/RHSA-2008-0009.html http://secunia.com/advisories/29988 http://www-1.ibm.com/support/docview.wss?uid=swg24019245 http://www.redhat.com/support/errata/RHSA-2008-0261.html http://secunia.com/advisories/30356 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://secunia.com/advisories/30430 http://secunia.com/advisories/31142 http://secunia.com/advisories/30732 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html http://secunia.com/advisories/33200 http://lists.vmware.com/pipermail/security-announce/2009/000062.html http://www.vupen.com/english/advisories/2008/1697 http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/0809/references http://www.vupen.com/english/advisories/2008/0554 http://www.vupen.com/english/advisories/2008/0986/references http://www.vupen.com/english/advisories/2008/0047 http://www.vupen.com/english/advisories/2008/1224/references http://www.vupen.com/english/advisories/2008/0447/references http://www.vupen.com/english/advisories/2008/1623/references http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://secunia.com/advisories/32800 http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html https://exchange.xforce.ibmcloud.com/vulnerabilities/39472 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272 http://www.securityfocus.com/archive/1/505990/100/0/threaded http://www.securityfocus.com/archive/1/498523/100/0/threaded http://www.securityfocus.com/archive/1/494428/100/0/threaded http://www.securityfocus.com/archive/1/488082/100/0/threaded https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E https://usn.ubuntu.com/575-1/https://nvd.nist.gov

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook