CVE-2006-5752

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/06/2007
Last modified:
09/04/2025

Description

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* 1.3.2 (including) 1.3.39 (excluding)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* 2.0.0 (including) 2.0.61 (excluding)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* 2.2.0 (including) 2.2.6 (excluding)
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools