CVE-2006-5752
CVE-2006-5752
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://bugs.gentoo.org/show_bug.cgi?id=186219http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795http://httpd.apache.org/security/vulnerabilities_13.htmlhttp://httpd.apache.org/security/vulnerabilities_20.htmlhttp://httpd.apache.org/security/vulnerabilities_22.htmlhttp://lists.vmware.com/pipermail/security-announce/2009/000062.htmlhttp://osvdb.org/37052http://rhn.redhat.com/errata/RHSA-2007-0534.htmlhttp://rhn.redhat.com/errata/RHSA-2007-0556.htmlhttp://secunia.com/advisories/25827http://secunia.com/advisories/25830