Lucene search

K
httpdApache Team FoundationHTTPD:1C4DE9E6BEF7FF3A10F23196E08CEB35
HistoryDec 15, 2007 - 12:00 a.m.

Apache Httpd < 2.2.8 : mod_status XSS

2007-12-1500:00:00
Apache Team Foundation
httpd.apache.org
30

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.764

Percentile

98.2%

A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.

Affected configurations

Vulners
Node
apacheapache_httpdMatch2.2.6
OR
apacheapache_httpdMatch2.2.5
OR
apacheapache_httpdMatch2.2.4
OR
apacheapache_httpdMatch2.2.3
OR
apacheapache_httpdMatch2.2.2
OR
apacheapache_httpdMatch2.2.0
VendorProductVersionCPE
apacheapache_httpd2.2.6cpe:2.3:a:apache:apache_httpd:2.2.6:*:*:*:*:*:*:*
apacheapache_httpd2.2.5cpe:2.3:a:apache:apache_httpd:2.2.5:*:*:*:*:*:*:*
apacheapache_httpd2.2.4cpe:2.3:a:apache:apache_httpd:2.2.4:*:*:*:*:*:*:*
apacheapache_httpd2.2.3cpe:2.3:a:apache:apache_httpd:2.2.3:*:*:*:*:*:*:*
apacheapache_httpd2.2.2cpe:2.3:a:apache:apache_httpd:2.2.2:*:*:*:*:*:*:*
apacheapache_httpd2.2.0cpe:2.3:a:apache:apache_httpd:2.2.0:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.764

Percentile

98.2%