CVE-2006-5752 in HTTP Server信息

摘要 (英语)

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

预定

2006-11-06

披露

2007-06-27

状态

已确认

条目

VulDB provides additional information and datapoints for this CVE:

标识符	漏洞	CWE	可利用	对策	CVE
9599	Oracle HTTP Server Web Listener 跨网站脚本	80	高	官方修复	CVE-2006-5752
3263	IBM HTTP Server mod_status 跨网站脚本	80	高	官方修复	CVE-2006-5752

描述

CPE

CWE

CVSS

漏洞利用

历史

差异

连接

威胁情报

API JSON

API XML

API CSV

来源

◂ 上一步一览下一步 ▸

Do you need the next level of professionalism?

Upgrade your account now!