CVE-2007-6388

General

Score: 4.3/10.0
Severity: Low
Category: XSS Injection
Exploit: Available

Impact Metrics

Confidentiality: None
Integrity: Partial
Availability: None

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Related vulnerabilities

CVE-2004-0488, CVE-2004-0687, CVE-2004-0688, CVE-2004-0700, CVE-2004-0885, CVE-2004-0914, CVE-2005-0605, CVE-2005-2090, CVE-2005-3352, CVE-2005-3357, CVE-2005-3510, CVE-2005-3964, CVE-2005-4077, CVE-2005-4838, CVE-2006-0254, CVE-2006-0898, CVE-2006-1329, CVE-2006-3334, CVE-2006-3747, CVE-2006-3835, CVE-2006-3918, CVE-2006-5752, CVE-2006-5793, CVE-2006-6481, CVE-2006-7195, CVE-2006-7196, CVE-2006-7197, CVE-2007-0071, CVE-2007-0243, CVE-2007-0450, CVE-2007-0897, CVE-2007-0898, CVE-2007-1349, CVE-2007-1355, CVE-2007-1358, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-1745, CVE-2007-1860, CVE-2007-1863, CVE-2007-1997, CVE-2007-2435, CVE-2007-2445, CVE-2007-2449, CVE-2007-2450, CVE-2007-2788, CVE-2007-2789, CVE-2007-2799, CVE-2007-3304, CVE-2007-3378, CVE-2007-3382, CVE-2007-3385, CVE-2007-3725, CVE-2007-3799, CVE-2007-3847, CVE-2007-4465, CVE-2007-4510, CVE-2007-4560, CVE-2007-4568, CVE-2007-4752, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768, CVE-2007-4887, CVE-2007-4990, CVE-2007-5000, CVE-2007-5116, CVE-2007-5266, CVE-2007-5267, CVE-2007-5268, CVE-2007-5269, CVE-2007-5275, CVE-2007-5333, CVE-2007-5461, CVE-2007-5759, CVE-2007-5795, CVE-2007-5901, CVE-2007-5958, CVE-2007-5961, CVE-2007-5971, CVE-2007-6019, CVE-2007-6109, CVE-2007-6203, CVE-2007-6306, CVE-2007-6335, CVE-2007-6336, CVE-2007-6337, CVE-2007-6359, CVE-2007-6421, CVE-2007-6422, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2007-6612, CVE-2008-0005, CVE-2008-0006, CVE-2008-0044, CVE-2008-0045, CVE-2008-0046, CVE-2008-0047, CVE-2008-0048, CVE-2008-0049, CVE-2008-0050, CVE-2008-0051, CVE-2008-0052, CVE-2008-0053, CVE-2008-0054, CVE-2008-0055, CVE-2008-0056, CVE-2008-0057, CVE-2008-0058, CVE-2008-0059, CVE-2008-0060, CVE-2008-0062, CVE-2008-0063, CVE-2008-0128, CVE-2008-0177, CVE-2008-0318, CVE-2008-0596, CVE-2008-0728, CVE-2008-0882, CVE-2008-0987, CVE-2008-0988, CVE-2008-0989, CVE-2008-0990, CVE-2008-0992, CVE-2008-0993, CVE-2008-0994, CVE-2008-0995, CVE-2008-0996, CVE-2008-0997, 
CVE-2008-0998, CVE-2008-0999, CVE-2008-1000, CVE-2008-1027, CVE-2008-1028, CVE-2008-1030, CVE-2008-1031, CVE-2008-1032, CVE-2008-1033, CVE-2008-1034, CVE-2008-1035, CVE-2008-1036, CVE-2008-1232, CVE-2008-1571, CVE-2008-1572, CVE-2008-1573, CVE-2008-1574, CVE-2008-1575, CVE-2008-1576, CVE-2008-1577, CVE-2008-1578, CVE-2008-1579, CVE-2008-1580, CVE-2008-1654, CVE-2008-1655, CVE-2008-1927, CVE-2008-2364, CVE-2008-2370, CVE-2008-2939, CVE-2008-5515, CVE-2009-0023, CVE-2009-0033, CVE-2009-0580, CVE-2009-1891, CVE-2009-1955, CVE-2009-1956, CVE-2009-2412, CVE-2009-3094, CVE-2009-3095, CVE-2009-4901, CVE-2009-4902, CVE-2010-0407, CVE-2010-0434

Published on 08/01/08 - Updated on 30/10/18

Description

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Category: XSS Injection

CWE-79 (Cross-Site Scripting (XSS))
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Security Notices

US National Vulnerability Database CVE-2007-6388
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2008-AVI-011, CERTA-2008-AVI-148, CERTA-2008-AVI-204, CERTA-2008-AVI-278, CERTA-2013-AVI-425
CentOS CESA-2008:0005, CESA-2008:0006, CESA-2008:0008
Redhat RHSA-2008:0004, RHSA-2008:0005, RHSA-2008:0006, RHSA-2008:0007, RHSA-2008:0008, RHSA-2008:0009, RHSA-2008:0261, RHSA-2008:0263, RHSA-2008:0523, RHSA-2008:0524, RHSA-2010:0602
Renater 2008/VULN042, 2008/VULN091, 2008/VULN189, 2008/VULN540

Exploits

SecurityFocus BID-27237

Related technologies

Vendor: apache
Product: http_server
