Lucene search

K
httpdApache Team FoundationHTTPD:007193648BB39712DF32CAE9B6A1C1F0
HistoryDec 15, 2007 - 12:00 a.m.

Apache Httpd < 2.0.63 : mod_status XSS

2007-12-1500:00:00
Apache Team Foundation
httpd.apache.org
24

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.764

Percentile

98.2%

A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.

Affected configurations

Vulners
Node
apacheapache_httpdMatch2.0.61
OR
apacheapache_httpdMatch2.0.59
OR
apacheapache_httpdMatch2.0.58
OR
apacheapache_httpdMatch2.0.55
OR
apacheapache_httpdMatch2.0.54
OR
apacheapache_httpdMatch2.0.53
OR
apacheapache_httpdMatch2.0.52
OR
apacheapache_httpdMatch2.0.51
OR
apacheapache_httpdMatch2.0.50
OR
apacheapache_httpdMatch2.0.49
OR
apacheapache_httpdMatch2.0.48
OR
apacheapache_httpdMatch2.0.47
OR
apacheapache_httpdMatch2.0.46
OR
apacheapache_httpdMatch2.0.45
OR
apacheapache_httpdMatch2.0.44
OR
apacheapache_httpdMatch2.0.43
OR
apacheapache_httpdMatch2.0.42
OR
apacheapache_httpdMatch2.0.40
OR
apacheapache_httpdMatch2.0.39
OR
apacheapache_httpdMatch2.0.37
OR
apacheapache_httpdMatch2.0.36
OR
apacheapache_httpdMatch2.0.35
VendorProductVersionCPE
apacheapache_httpd2.0.61cpe:2.3:a:apache:apache_httpd:2.0.61:*:*:*:*:*:*:*
apacheapache_httpd2.0.59cpe:2.3:a:apache:apache_httpd:2.0.59:*:*:*:*:*:*:*
apacheapache_httpd2.0.58cpe:2.3:a:apache:apache_httpd:2.0.58:*:*:*:*:*:*:*
apacheapache_httpd2.0.55cpe:2.3:a:apache:apache_httpd:2.0.55:*:*:*:*:*:*:*
apacheapache_httpd2.0.54cpe:2.3:a:apache:apache_httpd:2.0.54:*:*:*:*:*:*:*
apacheapache_httpd2.0.53cpe:2.3:a:apache:apache_httpd:2.0.53:*:*:*:*:*:*:*
apacheapache_httpd2.0.52cpe:2.3:a:apache:apache_httpd:2.0.52:*:*:*:*:*:*:*
apacheapache_httpd2.0.51cpe:2.3:a:apache:apache_httpd:2.0.51:*:*:*:*:*:*:*
apacheapache_httpd2.0.50cpe:2.3:a:apache:apache_httpd:2.0.50:*:*:*:*:*:*:*
apacheapache_httpd2.0.49cpe:2.3:a:apache:apache_httpd:2.0.49:*:*:*:*:*:*:*
Rows per page:
1-10 of 221

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.764

Percentile

98.2%