Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2007-6388
Last Modified: 17 Jul 2013 11:33:53
Published: 08 Jan 2008 01:46:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-6388

Summary

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Apache Http Server 1.3.1

  • Apache Http Server 1.3.11

  • Apache Http Server 1.3.12

  • Apache Http Server 1.3.2

  • Apache Http Server 1.3.22

  • Apache Http Server 1.3.23

  • Apache Http Server 1.3.24

  • Apache Http Server 1.3.25

  • Apache Http Server 1.3.26

  • Apache Http Server 1.3.27

  • Apache Http Server 1.3.28

  • Apache Http Server 1.3.29

  • Apache Http Server 1.3.3

  • Apache Http Server 1.3.30

  • Apache Http Server 1.3.31

  • Apache Http Server 1.3.32

  • Apache Http Server 1.3.33

  • Apache Http Server 1.3.37

  • Apache Http Server 1.3.38

  • Apache Http Server 1.3.39

  • Apache Http Server 1.3.4

  • Apache Http Server 1.3.5

  • Apache Http Server 1.3.6

  • Apache Http Server 1.3.7

  • Apache Http Server 1.3.8

  • Apache Http Server 1.3.9

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.45

  • Apache Http Server 2.0.46

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.48

  • Apache Http Server 2.0.49

  • Apache Http Server 2.0.50

  • Apache Http Server 2.0.51

  • Apache Http Server 2.0.52

  • Apache Http Server 2.0.53

  • Apache Http Server 2.0.54

  • Apache Http Server 2.0.55

  • Apache Http Server 2.0.56

  • Apache Http Server 2.0.57

  • Apache Http Server 2.0.58

  • Apache Http Server 2.0.59

  • Apache Http Server 2.0.60

  • Apache Http Server 2.0.61

  • Apache Http Server 2.2

  • Apache Http Server 2.2.1

  • Apache Http Server 2.2.2

  • Apache Http Server 2.2.3

  • Apache Http Server 2.2.4

  • Apache Http Server 2.2.5

  • Apache Http Server 2.2.6


References

CERT - TA08-150A

XF - apache-status-page-xss(39472)

VUPEN - ADV-2008-1697

VUPEN - ADV-2008-1623

VUPEN - ADV-2008-1224

VUPEN - ADV-2008-0986

VUPEN - ADV-2008-0924

VUPEN - ADV-2008-0809

VUPEN - ADV-2008-0554

VUPEN - ADV-2008-0447

VUPEN - ADV-2008-0047

BUGTRAQ - 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

HP - SSRT080059

BUGTRAQ - 20080716 rPSA-2008-0035-1 httpd mod_ssl

HP - HPSBUX02313

CONFIRM - http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html

SECTRACK - 1019154

SECUNIA - 33200

SECUNIA - 31142

SECUNIA - 30732

HP - SSRT090208

HP - HPSBOV02683

MLIST - [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

CONFIRM - http://httpd.apache.org/security/vulnerabilities_22.html

CONFIRM - http://httpd.apache.org/security/vulnerabilities_20.html

CONFIRM - http://httpd.apache.org/security/vulnerabilities_13.html

FEDORA - FEDORA-2008-1695

FEDORA - FEDORA-2008-1711

CONFIRM - http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf

UBUNTU - USN-575-1

BID - 27237

REDHAT - RHSA-2008:0261

REDHAT - RHSA-2008:0009

REDHAT - RHSA-2008:0008

REDHAT - RHSA-2008:0007

REDHAT - RHSA-2008:0006

REDHAT - RHSA-2008:0005

REDHAT - RHSA-2008:0004

MANDRIVA - MDVSA-2008:016

MANDRIVA - MDVSA-2008:015

MANDRIVA - MDVSA-2008:014

AIXAPAR - PK59667

AIXAPAR - PK65782

AIXAPAR - PK63273

AIXAPAR - PK62966

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=689039

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm

SUNALERT - 233623

SLACKWARE - SSA:2008-045-02

SREASON - 3541

SECUNIA - 30430

SECUNIA - 30356

SECUNIA - 29988

SECUNIA - 29806

SECUNIA - 29640

SECUNIA - 29504

SECUNIA - 29420

SECUNIA - 28977

SECUNIA - 28965

SECUNIA - 28922

SECUNIA - 28749

SECUNIA - 28607

SECUNIA - 28526

SECUNIA - 28471

SECUNIA - 28467

SUSE - SUSE-SA:2008:021

APPLE - APPLE-SA-2008-03-18

APPLE - APPLE-SA-2008-05-28

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

SECUNIA - 32800

HP - HPSBMA02388

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

HP - SSRT080015

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger PPC)

Apple 2008-03-18 Security Update 2008-002 v1.0 Server (Tiger Universal)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Tiger Universal)

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)

Apple 2008-05-28 Security Update 2008-003 (PPC)

Apple 2008-05-28 Security Update 2008-003 Server (PPC)

Apple 2008-05-28 Security Update 2008-003 (Intel)

Apple 2008-05-28 Security Update 2008-003 Server (Universal)


Last Updated: 27 May 2016 11:01:20