You are here

CVE-2007-6388

Vincent (CVE) Danen's picture
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Details Source

Mitre

Public Date

2007-12-29 00:00:00

Impact

Moderate

Bugzilla

CVE-2007-6388 apache mod_status cross-site scripting

Bugzilla ID

427 228

CVSS Status

draft

Red Hat Security Errata

Platform Errata Release Date
Red Hat Satellite v 4.2 (RHEL v.3 AS) RHSA-2008:0524 2008-06-30
Red Hat Satellite Proxy v 4.2 (RHEL v.4 AS) RHSA-2008:0523 2008-06-30
Red Hat Certificate System 7.3 for 4AS RHSA-2010:0602 2010-08-04
Red Hat Satellite v 4.2 (RHEL v.4 AS) RHSA-2008:0524 2008-06-30
Red Hat Satellite 5.0 (RHEL v.4 AS) RHSA-2008:0261 2008-05-20
Red Hat Enterprise Linux 2.1 (apache) RHSA-2008:0004 2008-01-15
Red Hat Enterprise Linux 4 (httpd) RHSA-2008:0006 2008-01-15
Red Hat Satellite Proxy v 5.0 (RHEL v.4 AS) RHSA-2008:0263 2008-05-20
Red Hat Enterprise Linux 3 (httpd) RHSA-2008:0005 2008-01-15
Red Hat Satellite Proxy v 4.2 (RHEL v.3 AS) RHSA-2008:0523 2008-06-30
Red Hat Enterprise Linux 5 (httpd) RHSA-2008:0008 2008-01-15
Red Hat Application Stack v2 for Enterprise Linux (v.5) (httpd) RHSA-2008:0009 2008-01-21
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (httpd) RHSA-2008:0007 2008-01-15

CWE

CWE-79