CVE-2006-5752

Published: Jun 27, 2007Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

Affected (17)

Products: Apache: Http Server · Canonical: Ubuntu Linux · Fedoraproject: Fedora · +1 more

Show all products

Apache: Http Server · Canonical: Ubuntu Linux · Fedoraproject: Fedora · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation

1 product

1 product

1 product

4 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 1.3.2 to 1.3.39
Apache Http Server	From 2.0.0 to 2.0.61
Apache Http Server	From 2.2.0 to 2.2.6

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 6.10
Canonical Ubuntu Linux	Version 7.04

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 7

Configuration D

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 3.0
Redhat Enterprise Linux Desktop	Version 4.0
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Eus	Version 4.5
Redhat Enterprise Linux Server	Version 3.0
Redhat Enterprise Linux Server	Version 4.0
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Workstation	Version 3.0
Redhat Enterprise Linux Workstation	Version 4.0
Redhat Enterprise Linux Workstation	Version 5.0

References (154)

http://bugs.gentoo.org/show_bug.cgi?id=186219

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795

Source: secalert@redhat.com

Third Party Advisory

http://httpd.apache.org/security/vulnerabilities_13.html

Source: secalert@redhat.com

Vendor Advisory

http://httpd.apache.org/security/vulnerabilities_20.html

Source: secalert@redhat.com

Vendor Advisory

http://httpd.apache.org/security/vulnerabilities_22.html

Source: secalert@redhat.com

Vendor Advisory

http://lists.vmware.com/pipermail/security-announce/2009/000062.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://osvdb.org/37052

Source: secalert@redhat.com

Broken Link

http://rhn.redhat.com/errata/RHSA-2007-0534.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2007-0556.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/25827

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/25830

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/25873

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/25920

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/26273

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/26443

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/26458

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/26508

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/26822

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/26842

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/26993

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/27037

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/27563

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/27732

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/28212

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/28224

Source: secalert@redhat.com

Not Applicable

http://secunia.com/advisories/28606

Source: secalert@redhat.com

Not Applicable

http://security.gentoo.org/glsa/glsa-200711-06.xml

Source: secalert@redhat.com

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1

Source: secalert@redhat.com

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1

Source: secalert@redhat.com

Broken Link

http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm

Source: secalert@redhat.com

Third Party Advisory

http://svn.apache.org/viewvc?view=rev&revision=549159

Source: secalert@redhat.com

Vendor Advisory

http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702

Source: secalert@redhat.com

Third Party Advisory

http://www-1.ibm.com/support/search.wss?rs=0&q=PK49295&apar=only

Source: secalert@redhat.com

Third Party Advisory

http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:140

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDKSA-2007:141

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDKSA-2007:142

Source: secalert@redhat.com

Broken Link

http://www.novell.com/linux/security/advisories/2007_61_apache2.html

Source: secalert@redhat.com

Broken Link

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0532.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0557.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0261.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/archive/1/505990/100/0/threaded

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/24645

Source: secalert@redhat.com

PatchThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1018302

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.trustix.org/errata/2007/0026/

Source: secalert@redhat.com

Broken Link

http://www.ubuntu.com/usn/usn-499-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2007/2727

Source: secalert@redhat.com

Permissions Required

http://www.vupen.com/english/advisories/2007/3283

Source: secalert@redhat.com

Permissions Required

http://www.vupen.com/english/advisories/2007/3386

Source: secalert@redhat.com

Permissions Required

http://www.vupen.com/english/advisories/2007/4305

Source: secalert@redhat.com

Permissions Required

http://www.vupen.com/english/advisories/2008/0233

Source: secalert@redhat.com

Permissions Required

https://exchange.xforce.ibmcloud.com/vulnerabilities/35097

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://issues.rpath.com/browse/RPL-1500

Source: secalert@redhat.com

Broken Link

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154

Source: secalert@redhat.com

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2007-0533.html

Source: secalert@redhat.com

Third Party Advisory

http://bugs.gentoo.org/show_bug.cgi?id=186219