Vulnerability CVE-2007-6388: Information

Description

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Severity: MEDIUM (4.3)

URL: https://nvd.nist.gov/vuln/detail/CVE-2007-6388

Published: Jan. 8, 2008

Modified: Feb. 2, 2024

Error type identifier: CWE-79

References to Advisories, Solutions, and Tools

Hyperlink	Resource
http://httpd.apache.org/security/vulnerabilities_13.html	Third Party Advisory VDB Entry
http://httpd.apache.org/security/vulnerabilities_20.html	Third Party Advisory VDB Entry
http://httpd.apache.org/security/vulnerabilities_22.html	Third Party Advisory VDB Entry
1019154	Third Party Advisory VDB Entry
MDVSA-2008:014	Third Party Advisory
MDVSA-2008:015	Third Party Advisory
RHSA-2008:0004	Not Applicable
RHSA-2008:0005	Not Applicable
RHSA-2008:0006	Not Applicable
RHSA-2008:0007	Not Applicable
RHSA-2008:0008	Not Applicable
27237	Third Party Advisory VDB Entry
28467	Third Party Advisory VDB Entry
28471	Third Party Advisory VDB Entry
MDVSA-2008:016	Patch Third Party Advisory
28526	URL Repurposed
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm	Third Party Advisory VDB Entry
28607	URL Repurposed
USN-575-1	Third Party Advisory VDB Entry
28749	URL Repurposed
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=689039	Broken Link
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf	Patch Third Party Advisory
28965	URL Repurposed
FEDORA-2008-1695	Patch Third Party Advisory
FEDORA-2008-1711	Patch Third Party Advisory
SSA:2008-045-02	Broken Link
28977	URL Repurposed
28922	URL Repurposed
233623	Broken Link
http://docs.info.apple.com/article.html?artnum=307562	Third Party Advisory VDB Entry
APPLE-SA-2008-03-18	Mailing List
29420	URL Repurposed
PK59667	Broken Link
PK62966	Broken Link
29504	URL Repurposed
3541	URL Repurposed
SUSE-SA:2008:021	Third Party Advisory
29640	URL Repurposed
PK63273	Broken Link
29806	URL Repurposed
RHSA-2008:0009	Not Applicable
29988	URL Repurposed
PK65782	Broken Link
RHSA-2008:0261	Not Applicable
30356	URL Repurposed
APPLE-SA-2008-05-28	Mailing List
TA08-150A	Third Party Advisory US Government Resource
30430	URL Repurposed
31142	URL Repurposed
30732	URL Repurposed
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html	Third Party Advisory
33200	URL Repurposed
[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server	Third Party Advisory
ADV-2008-1697	Permissions Required Third Party Advisory
ADV-2008-0924	Permissions Required Third Party Advisory
ADV-2008-0809	Permissions Required Third Party Advisory
ADV-2008-0554	Permissions Required Third Party Advisory
ADV-2008-0986	Permissions Required Third Party Advisory
ADV-2008-0047	Permissions Required Third Party Advisory
ADV-2008-1224	Broken Link
ADV-2008-0447	Permissions Required Third Party Advisory
ADV-2008-1623	Permissions Required Third Party Advisory
SSRT090208	Third Party Advisory VDB Entry
32800	URL Repurposed
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html	Not Applicable
apache-status-page-xss(39472)	Third Party Advisory VDB Entry
oval:org.mitre.oval:def:10272	Broken Link
20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server	Third Party Advisory VDB Entry
SSRT080059	Third Party Advisory VDB Entry
20080716 rPSA-2008-0035-1 httpd mod_ssl	Broken Link
SSRT080015	Broken Link
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/	Third Party Advisory
[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/	Third Party Advisory
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/	Third Party Advisory
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/	Third Party Advisory
[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/	Third Party Advisory
[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/	Third Party Advisory
[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory
[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
  Start including
  2.2.0
  End including
  2.2.6
  cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
  Start including
  2.0.35
  End including
  2.0.61
  cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
  Start including
  1.3.2
  End including
  1.3.39

Version: v24.5.1

Vulnerability CVE-2007-6388: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1