Lucene search

[email protected]CVE-2007-6388

HistoryJan 08, 2008 - 6:46 p.m.

CVE-2007-6388

2008-01-0818:46:00

CWE-79

[email protected]

web.nvd.nist.gov

178

cve-2007-6388

cross-site scripting

xss

apache http server

security vulnerability

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.818 High

EPSS

Percentile

98.3%

JSON

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
apache:http_serverapache http serverle2.2.6
apache:http_serverapache http serverle2.0.61
apache:http_serverapache http serverle1.3.39

CPE	Name	Operator	Version
apache:http_server	apache http server	le	2.2.6
apache:http_server	apache http server	le	2.0.61
apache:http_server	apache http server	le	1.3.39

References

docs.info.apple.com/article.html?artnum=307562

httpd.apache.org/security/vulnerabilities_13.html

httpd.apache.org/security/vulnerabilities_20.html

httpd.apache.org/security/vulnerabilities_22.html

lists.apple.com/archives/security-announce/2008//May/msg00001.html

lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

lists.vmware.com/pipermail/security-announce/2009/000062.html

marc.info/?l=bugtraq&m=130497311408250&w=2

secunia.com/advisories/28467

secunia.com/advisories/28471

secunia.com/advisories/28526

secunia.com/advisories/28607

secunia.com/advisories/28749

secunia.com/advisories/28922

secunia.com/advisories/28965

secunia.com/advisories/28977

secunia.com/advisories/29420

secunia.com/advisories/29504

secunia.com/advisories/29640

secunia.com/advisories/29806

secunia.com/advisories/29988

secunia.com/advisories/30356

secunia.com/advisories/30430

secunia.com/advisories/30732

secunia.com/advisories/31142

secunia.com/advisories/32800

secunia.com/advisories/33200

securityreason.com/securityalert/3541

securitytracker.com/id?1019154

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748

sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1

support.avaya.com/elmodocs2/security/ASA-2008-032.htm

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=689039

www-1.ibm.com/support/docview.wss?uid=swg1PK62966

www-1.ibm.com/support/docview.wss?uid=swg1PK63273

www-1.ibm.com/support/docview.wss?uid=swg24019245

www-1.ibm.com/support/search.wss?rs=0&q=PK59667&apar=only

www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html

www.mandriva.com/security/advisories?name=MDVSA-2008:014

www.mandriva.com/security/advisories?name=MDVSA-2008:015

www.mandriva.com/security/advisories?name=MDVSA-2008:016

www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

www.redhat.com/support/errata/RHSA-2008-0004.html

www.redhat.com/support/errata/RHSA-2008-0005.html

www.redhat.com/support/errata/RHSA-2008-0006.html

www.redhat.com/support/errata/RHSA-2008-0007.html

www.redhat.com/support/errata/RHSA-2008-0008.html

www.redhat.com/support/errata/RHSA-2008-0009.html

www.redhat.com/support/errata/RHSA-2008-0261.html

www.securityfocus.com/archive/1/488082/100/0/threaded

www.securityfocus.com/archive/1/494428/100/0/threaded

www.securityfocus.com/archive/1/498523/100/0/threaded

www.securityfocus.com/archive/1/505990/100/0/threaded

www.securityfocus.com/bid/27237

www.ubuntu.com/usn/usn-575-1

www.us-cert.gov/cas/techalerts/TA08-150A.html

www.vupen.com/english/advisories/2008/0047

www.vupen.com/english/advisories/2008/0447/references

www.vupen.com/english/advisories/2008/0554

www.vupen.com/english/advisories/2008/0809/references

www.vupen.com/english/advisories/2008/0924/references

www.vupen.com/english/advisories/2008/0986/references

www.vupen.com/english/advisories/2008/1224/references

www.vupen.com/english/advisories/2008/1623/references

www.vupen.com/english/advisories/2008/1697

www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/39472

lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272

www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html

www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.818 High

EPSS

Percentile

98.3%

JSON

Related for CVE-2007-6388

openvas71 ubuntucve1 httpd3 prion1 seebug1 debiancve1 securityvulns6 veracode1 slackware3 nessus39 redhat8 centos4 oraclelinux3 fedora2 altlinux3 suse1 vmware2 ubuntu1 oracle1