Vulnerability CVE-2006-5752: Information

Description

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

Severity: MEDIUM (4.3)

Published: June 27, 2007
Modified: Nov. 7, 2023

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112
  • Issue Tracking
  • Third Party Advisory
http://svn.apache.org/viewvc?view=rev&revision=549159
  • Vendor Advisory
RHSA-2007:0532
  • Third Party Advisory
RHSA-2007:0534
  • Third Party Advisory
RHSA-2007:0556
  • Third Party Advisory
24645
  • Patch
  • Third Party Advisory
  • VDB Entry
https://issues.rpath.com/browse/RPL-1500
  • Broken Link
http://httpd.apache.org/security/vulnerabilities_13.html
  • Vendor Advisory
http://httpd.apache.org/security/vulnerabilities_20.html
  • Vendor Advisory
http://httpd.apache.org/security/vulnerabilities_22.html
  • Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm
  • Third Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=186219
  • Issue Tracking
  • Third Party Advisory
PK49295
  • Third Party Advisory
PK52702
  • Third Party Advisory
FEDORA-2007-2214
  • Mailing List
  • Third Party Advisory
GLSA-200711-06
  • Third Party Advisory
MDKSA-2007:140
  • Broken Link
MDKSA-2007:141
  • Broken Link
MDKSA-2007:142
  • Broken Link
RHSA-2007:0533
  • Third Party Advisory
RHSA-2007:0557
  • Third Party Advisory
SUSE-SA:2007:061
  • Broken Link
2007-0026
  • Broken Link
USN-499-1
  • Third Party Advisory
1018302
  • Broken Link
  • Third Party Advisory
  • VDB Entry
25827
  • Not Applicable
25830
  • Not Applicable
25873
  • Not Applicable
25920
  • Not Applicable
26273
  • Not Applicable
26443
  • Not Applicable
26458
  • Not Applicable
26508
  • Not Applicable
26822
  • Not Applicable
26842
  • Not Applicable
26993
  • Not Applicable
27037
  • Not Applicable
27563
  • Not Applicable
27732
  • Not Applicable
103179
  • Broken Link
28212
  • Not Applicable
28224
  • Not Applicable
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html
  • Third Party Advisory
28606
  • Not Applicable
200032
  • Broken Link
RHSA-2008:0261
  • Third Party Advisory
[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
  • Mailing List
  • Third Party Advisory
ADV-2008-0233
  • Permissions Required
SSRT071447
  • Third Party Advisory
ADV-2007-4305
  • Permissions Required
ADV-2007-2727
  • Permissions Required
ADV-2007-3283
  • Permissions Required
ADV-2007-3386
  • Permissions Required
37052
  • Broken Link
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
  • Third Party Advisory
apache-modstatus-xss(35097)
  • Third Party Advisory
  • VDB Entry
oval:org.mitre.oval:def:10154
  • Third Party Advisory
20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
  • Third Party Advisory
  • VDB Entry
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Configuration 1

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Start including: 2.2.0
End excluding: 2.2.6

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Start including: 2.0.0
End excluding: 2.0.61

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Start including: 1.3.2
End excluding: 1.3.39

Configuration 2

cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*

Configuration 4

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:4.5:*:*:*:*:*:*:*