Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:2818
HistoryJan 14, 2008 - 12:00 a.m.

Apache HTTP Server 2.2.6, 2.0.61和1.3.39 'mod_status'跨站脚本漏洞

2008-01-1400:00:00
Root
www.seebug.org
144

0.96 High

EPSS

Percentile

99.3%

JSON

BUGTRAQ ID: 27237
CVE ID:CVE-2007-6388
CNCVE ID:CNCVE-20076388

Apache HTTP Server是一款开放源码的WEB服务程序。
Apache HTTP Server包含的mod_status模块存在输入验证问题,远程攻击者可以利用漏洞进行跨站脚本攻击,可能获得目标用户敏感信息。
server-status页默认不启用。目前没有详细漏洞细节提供。

Posadis Posadis 1.3.31
Posadis Posadis 1.3.28
Apache Software Foundation Apache 2.2.6
Apache Software Foundation Apache 2.2.5
Apache Software Foundation Apache 2.2.4
Apache Software Foundation Apache 2.2.3
Apache Software Foundation Apache 2.2.2
Apache Software Foundation Apache 2.2 .0
Apache Software Foundation Apache 2.0.59
Apache Software Foundation Apache 2.0.58

  • Debian Linux 3.1 sparc
  • Debian Linux 3.1 s/390
  • Debian Linux 3.1 ppc
  • Debian Linux 3.1 mipsel
  • Debian Linux 3.1 mips
  • Debian Linux 3.1 m68k
  • Debian Linux 3.1 ia-64
  • Debian Linux 3.1 ia-32
  • Debian Linux 3.1 hppa
  • Debian Linux 3.1 arm
  • Debian Linux 3.1 amd64
  • Debian Linux 3.1 alpha
  • Debian Linux 3.1
    Apache Software Foundation Apache 2.0.56 -dev
    Apache Software Foundation Apache 2.0.55
    Apache Software Foundation Apache 2.0.54
  • Debian Linux 3.1 sparc
  • Debian Linux 3.1 s/390
  • Debian Linux 3.1 ppc
  • Debian Linux 3.1 mipsel
  • Debian Linux 3.1 mips
  • Debian Linux 3.1 m68k
  • Debian Linux 3.1 ia-64
  • Debian Linux 3.1 ia-32
  • Debian Linux 3.1 hppa
  • Debian Linux 3.1 arm
  • Debian Linux 3.1 amd64
  • Debian Linux 3.1 alpha
  • Debian Linux 3.1
    Apache Software Foundation Apache 2.0.53
    Apache Software Foundation Apache 2.0.52
  • Apple Mac OS X 10.3.6
  • Apple Mac OS X 10.2.8
  • Apple Mac OS X Server 10.3.6
  • Apple Mac OS X Server 10.2.8
  • RedHat Desktop 4.0
  • RedHat Enterprise Linux WS 4
  • RedHat Enterprise Linux ES 4
  • RedHat Enterprise Linux AS 4
  • Sun Solaris 10
    Apache Software Foundation Apache 2.0.51
  • RedHat Fedora Core2
  • RedHat Fedora Core1
    Apache Software Foundation Apache 2.0.50
  • MandrakeSoft Linux Mandrake 10.1 x86_64
  • MandrakeSoft Linux Mandrake 10.1
    Apache Software Foundation Apache 2.0.49
  • S.u.S.E. Linux Personal 9.1
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Apache Software Foundation Apache 2.0.48
  • MandrakeSoft Linux Mandrake 10.0 AMD64
  • MandrakeSoft Linux Mandrake 10.0
  • S.u.S.E. Linux 8.1
  • S.u.S.E. Linux Personal 9.0 x86_64
  • S.u.S.E. Linux Personal 9.0
  • S.u.S.E. Linux Personal 8.2
  • Trustix Secure Linux 2.1
  • Trustix Secure Linux 2.0
    Apache Software Foundation Apache 2.0.47
  • Apple Mac OS X Server 10.3.5
  • Apple Mac OS X Server 10.3.4
  • Apple Mac OS X Server 10.3.3
  • Apple Mac OS X Server 10.3.2
  • Apple Mac OS X Server 10.3.1
  • Apple Mac OS X Server 10.3
  • Apple Mac OS X Server 10.2.8
  • Apple Mac OS X Server 10.2.7
  • Apple Mac OS X Server 10.2.6
  • Apple Mac OS X Server 10.2.5
  • Apple Mac OS X Server 10.2.4
  • Apple Mac OS X Server 10.2.3
  • Apple Mac OS X Server 10.2.2
  • Apple Mac OS X Server 10.2.1
  • Apple Mac OS X Server 10.2
  • Apple Mac OS X Server 10.1.5
  • Apple Mac OS X Server 10.1.4
  • Apple Mac OS X Server 10.1.3
  • Apple Mac OS X Server 10.1.2
  • Apple Mac OS X Server 10.1.1
  • Apple Mac OS X Server 10.1
  • MandrakeSoft Linux Mandrake 9.2 amd64
  • MandrakeSoft Linux Mandrake 9.2
  • MandrakeSoft Linux Mandrake 9.1 ppc
  • MandrakeSoft Linux Mandrake 9.1
    Apache Software Foundation Apache 2.0.46
  • RedHat Desktop 3.0
  • RedHat Enterprise Linux WS 3
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux AS 3
  • Trustix Secure Linux 2.0
    Apache Software Foundation Apache 2.0.45
  • Apple Mac OS X 10.2.6
  • Apple Mac OS X 10.2.5
  • Apple Mac OS X 10.2.4
  • Apple Mac OS X 10.2.3
  • Apple Mac OS X 10.2.2
  • Apple Mac OS X 10.2.1
  • Apple Mac OS X 10.2
  • Apple Mac OS X 10.1.5
  • Apple Mac OS X 10.1.4
  • Apple Mac OS X 10.1.3
  • Apple Mac OS X 10.1.2
  • Apple Mac OS X 10.1.1
  • Apple Mac OS X 10.1
  • Apple Mac OS X 10.1
  • Apple Mac OS X 10.0.4
  • Apple Mac OS X 10.0.3
  • Apple Mac OS X 10.0.2
  • Apple Mac OS X 10.0.1
  • Apple Mac OS X 10.0
  • Conectiva Linux 9.0
    Apache Software Foundation Apache 2.0.44
    Apache Software Foundation Apache 2.0.43
    Apache Software Foundation Apache 2.0.42
  • Gentoo Linux 1.4 _rc1
  • Gentoo Linux 1.2
    Apache Software Foundation Apache 2.0.41
    Apache Software Foundation Apache 2.0.40
  • RedHat Linux 9.0 i386
  • RedHat Linux 8.0
  • Terra Soft Solutions Yellow Dog Linux 3.0
    Apache Software Foundation Apache 2.0.39
    Apache Software Foundation Apache 2.0.38
    Apache Software Foundation Apache 2.0.37
    Apache Software Foundation Apache 2.0.36
    Apache Software Foundation Apache 2.0.35
    Apache Software Foundation Apache 1.3.39
    Apache Software Foundation Apache 1.3.37
    Apache Software Foundation Apache 1.3.36
    Apache Software Foundation Apache 1.3.35 -dev
    Apache Software Foundation Apache 1.3.35
    Apache Software Foundation Apache 1.3.34
    Apache Software Foundation Apache 1.3.33
  • Apple Mac OS X 10.3.6
  • Apple Mac OS X 10.2.8
  • Apple Mac OS X Server 10.3.6
  • Apple Mac OS X Server 10.2.8
  • Debian Linux 3.1 sparc
  • Debian Linux 3.1 s/390
  • Debian Linux 3.1 ppc
  • Debian Linux 3.1 mipsel
  • Debian Linux 3.1 mips
  • Debian Linux 3.1 m68k
  • Debian Linux 3.1 ia-64
  • Debian Linux 3.1 ia-32
  • Debian Linux 3.1 hppa
  • Debian Linux 3.1 arm
  • Debian Linux 3.1 amd64
  • Debian Linux 3.1 alpha
  • Debian Linux 3.1
    Apache Software Foundation Apache 1.3.32
  • Gentoo Linux 1.4
  • Gentoo Linux
    Apache Software Foundation Apache 1.3.31
  • OpenPKG OpenPKG Current
    Apache Software Foundation Apache 1.3.29
  • Apple Mac OS X 10.3.5
  • Apple Mac OS X 10.2.7
  • Apple Mac OS X Server 10.3.5
  • Apple Mac OS X Server 10.2.7
  • MandrakeSoft Linux Mandrake 10.0 AMD64
  • MandrakeSoft Linux Mandrake 10.0
  • OpenPKG OpenPKG 2.0
    Apache Software Foundation Apache 1.3.28
  • Conectiva Linux 8.0
  • MandrakeSoft Linux Mandrake 9.2 amd64
  • MandrakeSoft Linux Mandrake 9.2
  • OpenBSD OpenBSD 3.4
  • OpenPKG OpenPKG 1.3
    Apache Software Foundation Apache 1.3.27
  • HP HP-UX (VVOS) 11.0 4
  • HP VirtualVault 4.6
  • HP VirtualVault 4.5
  • HP Webproxy 2.0
  • Immunix Immunix OS 7+
  • MandrakeSoft Linux Mandrake 9.1 ppc
  • MandrakeSoft Linux Mandrake 9.1
  • OpenBSD OpenBSD 3.3
  • OpenPKG OpenPKG Current
  • RedHat Enterprise Linux WS 2.1 IA64
  • RedHat Enterprise Linux WS 2.1
  • RedHat Enterprise Linux ES 2.1 IA64
  • RedHat Enterprise Linux ES 2.1
  • RedHat Enterprise Linux AS 2.1 IA64
  • RedHat Enterprise Linux AS 2.1
  • RedHat Linux Advanced Work Station 2.1
  • SGI IRIX 6.5.19
    Apache Software Foundation Apache 1.3.26
  • Conectiva Linux 8.0
  • Conectiva Linux 7.0
  • Conectiva Linux 6.0
  • Debian Linux 3.0 sparc
  • Debian Linux 3.0 s/390
  • Debian Linux 3.0 ppc
  • Debian Linux 3.0 mipsel
  • Debian Linux 3.0 mips
  • Debian Linux 3.0 m68k
  • Debian Linux 3.0 ia-64
  • Debian Linux 3.0 ia-32
  • Debian Linux 3.0 hppa
  • Debian Linux 3.0 arm
  • Debian Linux 3.0 alpha
  • MandrakeSoft Corporate Server 2.1 x86_64
  • MandrakeSoft Corporate Server 2.1
  • MandrakeSoft Linux Mandrake 9.0
  • OpenPKG OpenPKG 1.1
  • Trustix Secure Linux 1.5
  • Trustix Secure Linux 1.2
  • Trustix Secure Linux 1.1
    Apache Software Foundation Apache 1.3.25
    Apache Software Foundation Apache 1.3.24
  • OpenBSD OpenBSD 3.1
  • Oracle Oracle HTTP Server 9.2 .0
  • Oracle Oracle HTTP Server 9.0.1
  • Oracle Oracle9i Application Server 9.0.2
  • Oracle Oracle9i Application Server 1.0.2 .2
  • Oracle Oracle9i Application Server 1.0.2 .1s
  • Oracle Oracle9i Application Server 1.0.2
  • Slackware Linux 8.1
  • Unisphere Networks SDX-300 2.0.3
    Apache Software Foundation Apache 1.3.23
  • IBM AIX 4.3
  • MandrakeSoft Linux Mandrake 8.2 ppc
  • MandrakeSoft Linux Mandrake 8.2
  • RedHat Linux 7.3 i386
  • RedHat Linux 7.3
  • S.u.S.E. Linux 8.0 i386
  • S.u.S.E. Linux 8.0
  • Trustix Secure Linux 1.5
  • Trustix Secure Linux 1.2
  • Trustix Secure Linux 1.1
    Apache Software Foundation Apache 1.3.22
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Server 3.1
  • Caldera OpenLinux Workstation 3.1.1
  • Caldera OpenLinux Workstation 3.1
  • Conectiva Linux 8.0
  • Conectiva Linux 7.0
  • Conectiva Linux 6.0
  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Linux Mandrake 8.1 ia64
  • MandrakeSoft Linux Mandrake 8.1
  • MandrakeSoft Linux Mandrake 8.0 ppc
  • MandrakeSoft Linux Mandrake 8.0
  • MandrakeSoft Linux Mandrake 7.2
  • OpenPKG OpenPKG 1.0
  • RedHat Linux 7.2 ia64
  • RedHat Linux 7.2 i386
  • RedHat Linux 7.1 ia64
  • RedHat Linux 7.1 i386
  • RedHat Linux 7.1 alpha
  • RedHat Linux 7.0 i386
  • RedHat Linux 7.0 alpha
  • RedHat Linux 6.2 sparc
  • RedHat Linux 6.2 i386
  • RedHat Linux 6.2 alpha
    Apache Software Foundation Apache 1.3.20
  • HP HP-UX 11.22
  • HP HP-UX 11.20
  • MandrakeSoft Single Network Firewall 7.2
  • S.u.S.E. Linux 7.3 sparc
  • S.u.S.E. Linux 7.3 ppc
  • S.u.S.E. Linux 7.3 i386
  • S.u.S.E. Linux 7.3
  • SGI IRIX 6.5.18
  • SGI IRIX 6.5.17
  • SGI IRIX 6.5.16
  • SGI IRIX 6.5.15
  • SGI IRIX 6.5.14 m
  • SGI IRIX 6.5.14 f
  • SGI IRIX 6.5.14
  • SGI IRIX 6.5.13 m
  • SGI IRIX 6.5.13 f
  • SGI IRIX 6.5.13
  • SGI IRIX 6.5.12 m
  • SGI IRIX 6.5.12 f
  • SGI IRIX 6.5.12
  • Slackware Linux 8.0
  • Sun Cobalt Control Station 4100CS
  • Sun Cobalt RaQ 550
  • Sun Solaris 9_x86 Update 2
  • Sun Solaris 9_x86
  • Sun Solaris 9
  • Sun SunOS 5.9 _x86
  • Sun SunOS 5.9
    Apache Software Foundation Apache 1.3.19
  • Apple Mac OS X 10.0.3
  • Caldera OpenLinux 2.4
  • Debian Linux 2.3
  • Digital (Compaq) TRU64/DIGITAL UNIX 5.0
  • Digital (Compaq) TRU64/DIGITAL UNIX 4.0 g
  • Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
  • EnGarde Secure Linux 1.0.1
  • FreeBSD FreeBSD 4.2
  • FreeBSD FreeBSD 3.5.1
  • HP HP-UX 11.11
  • HP HP-UX 11.0 4
  • HP HP-UX 11.0
  • HP HP-UX 10.20
  • HP Secure OS software for Linux 1.0
  • HP VirtualVault 4.5
  • MandrakeSoft Linux Mandrake 8.1
  • MandrakeSoft Linux Mandrake 8.0
  • MandrakeSoft Linux Mandrake 7.2
  • MandrakeSoft Linux Mandrake 7.1
  • NetBSD NetBSD 1.5.1
  • NetBSD NetBSD 1.5
  • OpenBSD OpenBSD 2.9
  • OpenBSD OpenBSD 2.8
  • OpenBSD OpenBSD 3.0
  • RedHat Linux 7.1
  • RedHat Linux 7.0
  • RedHat Linux 6.2
  • S.u.S.E. Linux 7.2 i386
  • S.u.S.E. Linux 7.2
  • S.u.S.E. Linux 7.1 x86
  • S.u.S.E. Linux 7.1 sparc
  • S.u.S.E. Linux 7.1 ppc
  • S.u.S.E. Linux 7.1 alpha
  • S.u.S.E. Linux 7.1
  • S.u.S.E. Linux 7.0 sparc
  • S.u.S.E. Linux 7.0 ppc
  • S.u.S.E. Linux 7.0 i386
  • S.u.S.E. Linux 7.0 alpha
  • S.u.S.E. Linux 7.0
  • S.u.S.E. Linux 6.4 ppc
  • S.u.S.E. Linux 6.4 i386
  • S.u.S.E. Linux 6.4 alpha
  • S.u.S.E. Linux 6.4
  • SCO eDesktop 2.4
  • SCO eServer 2.3.1
  • SGI IRIX 6.5.9
  • SGI IRIX 6.5.8
  • Sun Solaris 7.0
  • Sun Solaris 8
    Apache Software Foundation Apache 1.3.18
    Apache Software Foundation Apache 1.3.17
  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Linux Mandrake 8.0 ppc
  • MandrakeSoft Linux Mandrake 8.0
  • OpenBSD OpenBSD 2.8
  • S.u.S.E. Linux 7.1
    Apache Software Foundation Apache 1.3.14
  • EnGarde Secure Linux 1.0.1
  • MandrakeSoft Linux Mandrake 7.2
  • MandrakeSoft Linux Mandrake 7.1
  • MandrakeSoft Single Network Firewall 7.2
  • SGI IRIX 6.5.11
  • SGI IRIX 6.5.10
  • SGI IRIX 6.5.9
  • SGI IRIX 6.5.8
  • SGI IRIX 6.5.7
  • SGI IRIX 6.5.6
  • SGI IRIX 6.5.5
  • SGI IRIX 6.5.4
  • SGI IRIX 6.5.3
  • SGI IRIX 6.5.2
  • SGI IRIX 6.5.1
  • SGI IRIX 6.5
    Apache Software Foundation Apache 1.3.12
  • NetScreen NetScreen-Global PRO Express Policy Manager Server
  • NetScreen NetScreen-Global PRO Policy Manager Server
  • OpenBSD OpenBSD 2.8
  • RedHat Linux 7.0 i386
  • RedHat Linux 7.0 alpha
  • RedHat Linux 6.2 sparc
  • RedHat Linux 6.2 i386
  • RedHat Linux 6.2 alpha
  • S.u.S.E. Linux 7.0 sparc
  • S.u.S.E. Linux 7.0
  • Sun Cobalt ManageRaQ v2 3599BD
  • Sun Cobalt Qube3 4000WG
  • Sun Cobalt RaQ XTR 3500R
  • Sun Cobalt RaQ4 3001R
    Apache Software Foundation Apache 1.3.11
    Apache Software Foundation Apache 1.3.9
  • Debian Linux 2.2 sparc
  • Debian Linux 2.2 powerpc
  • Debian Linux 2.2 arm
  • Debian Linux 2.2 alpha
  • Debian Linux 2.2 68k
  • Debian Linux 2.2
  • NetScreen NetScreen-Global PRO Express Policy Manager Server
  • NetScreen NetScreen-Global PRO Policy Manager Server
  • Sun Solaris 8_x86
  • Sun Solaris 8
  • Sun SunOS 5.8 _x86
  • Sun SunOS 5.8
    Apache Software Foundation Apache 1.3.7 -dev
    Apache Software Foundation Apache 1.3.6
  • Sun Cobalt ManageRaQ3 3000R-mr
  • Sun Cobalt RaQ3 3000R
  • Sun Cobalt Velociraptor
    Apache Software Foundation Apache 1.3.4
  • BSDI BSD/OS 4.0
    Apache Software Foundation Apache 1.3.3
  • RedHat Linux 5.2 sparc
  • RedHat Linux 5.2 i386
  • RedHat Linux 5.2 alpha
    Apache Software Foundation Apache 2.2.6-dev
    Apache Software Foundation Apache 2.2.5-dev
    Apache Software Foundation Apache 2.0.61-dev
    Apache Software Foundation Apache 2.0.60-dev

厂商解决方案
Apache 2.2.7-dev已经修正此漏洞:
<a href=“http://www.apache.org/” target=“_blank”>http://www.apache.org/</a>

Related

ubuntucve 1
openvas 71
httpd 3
cve 1
prion 1
debiancve 1
securityvulns 6
veracode 1
slackware 3
nessus 39
redhat 8
centos 4
oraclelinux 3
altlinux 3
fedora 2
suse 1
vmware 2
ubuntu 1
oracle 1
ubuntucve
ubuntucve
CVE-2007-6388
2008-01-08 00:00:00
openvas
openvas
HP-UX Update for Apache HPSBUX02313
2009-05-05 00:00:00
HP-UX Update for Apache HPSBUX02313
2009-05-05 00:00:00
Slackware Advisory SSA:2008-210-02 httpd
2012-09-11 00:00:00
httpd
httpd
Apache Httpd < 2.0.63 : mod_status XSS
2007-12-15 00:00:00
Apache Httpd < 2.2.8 : mod_status XSS
2007-12-15 00:00:00
Apache Httpd < 1.3.41 : mod_status XSS
2007-12-15 00:00:00
cve
cve
CVE-2007-6388
2008-01-08 18:46:00
prion
prion
Cross site scripting
2008-01-08 18:46:00
debiancve
debiancve
CVE-2007-6388
2008-01-08 18:46:00
securityvulns
securityvulns
SecurityReason - Apache &#40;mod_status&#41; Refresh Header - Open Redirector &#40;XSS&#41;
2008-01-16 00:00:00
HP OpenView Network Node Manager crossite scripting
2008-11-21 00:00:00
[security bulletin] HPSBMA02388 SSRT080059 rev.1 - HP OpenView Network Node Manager &#40;OV NNM&#41;, Remote Cross Site Scripting &#40;XSS&#41;
2008-11-21 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:19:35
slackware
slackware
[slackware-security] httpd
2008-07-29 05:31:49
[slackware-security] apache
2008-02-15 01:23:13
[slackware-security] httpd
2008-02-15 01:22:54
nessus
nessus
Slackware 12.0 / 12.1 / current : httpd (SSA:2008-210-02)
2008-07-29 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 8.1 / 9.0 / 9.1 : apache (SSA:2008-045-02)
2008-02-18 00:00:00
Apache < 2.0.63 Multiple XSS Vulnerabilities
2008-03-07 00:00:00
redhat
redhat
(RHSA-2008:0007) Moderate: httpd security update
2008-01-15 00:00:00
(RHSA-2008:0004) Moderate: apache security update
2008-01-15 00:00:00
(RHSA-2008:0006) Moderate: httpd security update
2008-01-15 00:00:00
centos
centos
apache security update
2008-01-16 02:42:35
httpd, mod_ssl security update
2008-01-15 13:48:01
httpd, mod_ssl security update
2008-01-15 12:48:29
oraclelinux
oraclelinux
Moderate: httpd security update
2008-01-15 00:00:00
Moderate: httpd security update
2008-01-15 00:00:00
Moderate: httpd security update
2008-01-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 2.2.8-alt1
2008-02-29 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.8-alt1
2008-02-29 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.8-alt1
2008-02-29 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: httpd-2.2.8-1.fc8
2008-02-16 02:11:16
[SECURITY] Fedora 7 Update: httpd-2.2.8-1.fc7
2008-02-16 02:08:32
suse
suse
cross site scripting in apache2,apache
2008-04-04 16:29:16
vmware
vmware
VMware Hosted products update libpng and Apache HTTP Server
2009-08-20 00:00:00
VMware Hosted products update libpng and Apache HTTP Server
2009-08-20 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2008-02-04 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00

0.96 High

EPSS

Percentile

99.3%

JSON
Related for SSV:2818
ubuntucve1openvas71httpd3cve1prion1debiancve1securityvulns6veracode1slackware3nessus39redhat8centos4oraclelinux3altlinux3fedora2suse1vmware2ubuntu1oracle1