Vulnerability Description
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd). When ExtendedStatus is enabled and the server-status page is reachable by the public, remote attackers can inject arbitrary web script or HTML via unspecified vectors involving character sets: the status page is served without an explicit charset in its Content-Type, so browsers that perform "charset detection" (sniffing) may interpret attacker-influenced request data under an encoding the server never intended. With ExtendedStatus on, the page echoes details of in-flight requests, which is what gives an attacker control over some of the displayed content.
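The two conditions named above (ExtendedStatus on, status page public) are both configuration choices, so the practical mitigation while patching is to remove them. The following is an added example, not configuration from the advisory or from the Apache project: the exposed setup next to a hardened one, written in the Order/Deny/Allow access-control syntax of the affected 1.3/2.0/2.2 branches. The management network 192.0.2.0/24 is an assumed placeholder.

```apache
# Added example (not from the advisory or the Apache project).
# Access-control syntax is the Apache 1.3/2.0/2.2 style used by the
# affected branches; see the note below for 2.4.

# --- Weak: ExtendedStatus plus a world-readable status page ---------------
# ExtendedStatus On makes mod_status print per-request detail (including
# client request lines), and with no access control any visitor can load
# the page. This is the situation the description above refers to.
ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    # no Order/Deny/Allow here: reachable by anyone who can reach the vhost
</Location>

# --- Hardened ----------------------------------------------------------------
# 1. Expose the page only to administrators (loopback plus an assumed
#    management network, 192.0.2.0/24; replace with your own addresses).
# 2. Declare a charset explicitly so browsers have no reason to fall back
#    to charset detection on this page. Scoped to the Location so it does
#    not change the encoding of other text/* responses on the server.
# 3. Leave ExtendedStatus Off unless the per-request detail is needed.
ExtendedStatus Off
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 192.0.2.0/24
    AddDefaultCharset UTF-8
</Location>
```

Upgrading to a release that contains the mod_status fix is the real remedy; the restrictions above only limit who can reach the page in the meantime. On Apache 2.4 the three Order/Deny/Allow lines become a single `Require ip 127.0.0.1 192.0.2.0/24`. After reloading, confirm from an address outside the allow-list that /server-status returns 403 and that a response from an allowed address carries `Content-Type: text/html; charset=UTF-8`.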
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | HTTP Server | >= 1.3.2, < 1.3.39 |
| Canonical | Ubuntu Linux | 6.06 |
| Fedora Project | Fedora | 7 |
| Red Hat | Enterprise Linux Desktop | 3.0 |
| Red Hat | Enterprise Linux EUS | 4.5 |
| Red Hat | Enterprise Linux Server | 3.0 |
| Red Hat | Enterprise Linux Workstation | 3.0 |

The table lists only the 1.3 range. The Apache advisories referenced below for the 2.0 and 2.2 branches cover the same issue; it was fixed in 1.3.39, 2.0.61 and 2.2.6.
References
- http://bugs.gentoo.org/show_bug.cgi?id=186219 (Issue Tracking, Third Party Advisory)
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112 (Issue Tracking, Third Party Advisory)
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 (Third Party Advisory)
- http://httpd.apache.org/security/vulnerabilities_13.html (Vendor Advisory)
- http://httpd.apache.org/security/vulnerabilities_20.html (Vendor Advisory)
- http://httpd.apache.org/security/vulnerabilities_22.html (Vendor Advisory)
- http://lists.vmware.com/pipermail/security-announce/2009/000062.html (Mailing List, Third Party Advisory)
- http://osvdb.org/37052 (Broken Link)
- http://rhn.redhat.com/errata/RHSA-2007-0534.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2007-0556.html (Third Party Advisory)
- http://secunia.com/advisories/25827 (Not Applicable)
- http://secunia.com/advisories/25830 (Not Applicable)
- http://secunia.com/advisories/25873 (Not Applicable)
- http://secunia.com/advisories/25920 (Not Applicable)
- http://secunia.com/advisories/26273 (Not Applicable)
FAQ
What is CVE-2006-5752?
CVE-2006-5752 is a cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module of Apache HTTP Server (httpd), with a CVSS base score of 4.3 (MEDIUM). When ExtendedStatus is enabled and the server-status page is publicly reachable, remote attackers can inject web script or HTML through charset-related vectors that rely on browsers performing charset detection, because the status page is served without an explicit charset. See the Vulnerability Description above.
How severe is CVE-2006-5752?
CVE-2006-5752 has been rated MEDIUM with a CVSS base score of 4.3/10. Exploitation requires that the server-status page be reachable by the attacker's victim and that ExtendedStatus be turned on, both of which are non-default choices that a deployment can reverse.
Is there a patch for CVE-2006-5752?
Yes. The Apache HTTP Server advisories in the references above cover the fix for the 1.3, 2.0 and 2.2 branches (1.3.39, 2.0.61 and 2.2.6 respectively); Red Hat shipped updates as RHSA-2007:0534 and RHSA-2007:0556, also referenced above. Affected products listed on this page: Apache HTTP Server, Canonical Ubuntu Linux, Fedora Project Fedora, and Red Hat Enterprise Linux Desktop, EUS, Server and Workstation. Until patched, restrict access to the server-status page and disable ExtendedStatus.