Apache Httpd < 2.2.8: mod_status XSS

ID HTTPD:DC0D0DA1FB5874A3354C3260D37E18DC
Type httpd
Reporter Apache Team Foundation
Modified 2008-01-19T00:00:00


A flaw was found in the mod_status module. On sites where mod_status is enabled and the status pages were publicly accessible, a cross-site scripting attack is possible. Note that the server-status page is not enabled by default and it is best practice to not make this publicly available.