Test ID:	1.3.6.1.4.1.25623.1.0.60118
Category:	Misc.
Title:	Apache mod_status XSS
Summary:	NOSUMMARY
Description:	Description: The remote host appears to be running a version of Apache vulnerable to cross site scripting attacks when the server status page is enabled. Versions 2.2.0 through 2.2.6 are vulnerable. Versions 2.0.35 through 2.0.61 are vulnerable. Versions 1.3.2 through 1.3.39 are vulnerable. Solution : Restrict/disable access to the server status page. Risk factor : Medium CVSS Score: 4.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-6388 AIX APAR: PK59667 http://www-1.ibm.com/support/search.wss?rs=0&q=PK59667&apar=only AIX APAR: PK62966 http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966 AIX APAR: PK63273 http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273 AIX APAR: PK65782 http://www-1.ibm.com/support/docview.wss?uid=swg24019245 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html BugTraq ID: 27237 http://www.securityfocus.com/bid/27237 Bugtraq: 20080716 rPSA-2008-0035-1 httpd mod_ssl (Google Search) http://www.securityfocus.com/archive/1/494428/100/0/threaded Bugtraq: 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server (Google Search) http://www.securityfocus.com/archive/1/505990/100/0/threaded Cert/CC Advisory: TA08-150A http://www.us-cert.gov/cas/techalerts/TA08-150A.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html HPdes Security Advisory: HPSBMA02388 http://www.securityfocus.com/archive/1/498523/100/0/threaded HPdes Security Advisory: HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPdes Security Advisory: HPSBUX02313 http://www.securityfocus.com/archive/1/488082/100/0/threaded HPdes Security Advisory: SSRT080015 HPdes Security Advisory: SSRT080059 HPdes Security Advisory: SSRT090208 http://www.mandriva.com/security/advisories?name=MDVSA-2008:014 http://www.mandriva.com/security/advisories?name=MDVSA-2008:015 http://www.mandriva.com/security/advisories?name=MDVSA-2008:016 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E http://lists.vmware.com/pipermail/security-announce/2009/000062.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272 http://www.redhat.com/support/errata/RHSA-2008-0004.html http://www.redhat.com/support/errata/RHSA-2008-0005.html http://www.redhat.com/support/errata/RHSA-2008-0006.html http://www.redhat.com/support/errata/RHSA-2008-0007.html http://www.redhat.com/support/errata/RHSA-2008-0008.html http://www.redhat.com/support/errata/RHSA-2008-0009.html http://www.redhat.com/support/errata/RHSA-2008-0261.html http://securitytracker.com/id?1019154 http://secunia.com/advisories/28467 http://secunia.com/advisories/28471 http://secunia.com/advisories/28526 http://secunia.com/advisories/28607 http://secunia.com/advisories/28749 http://secunia.com/advisories/28922 http://secunia.com/advisories/28965 http://secunia.com/advisories/28977 http://secunia.com/advisories/29420 http://secunia.com/advisories/29504 http://secunia.com/advisories/29640 http://secunia.com/advisories/29806 http://secunia.com/advisories/29988 http://secunia.com/advisories/30356 http://secunia.com/advisories/30430 http://secunia.com/advisories/30732 http://secunia.com/advisories/31142 http://secunia.com/advisories/32800 http://secunia.com/advisories/33200 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748 http://securityreason.com/securityalert/3541 http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1 SuSE Security Announcement: SUSE-SA:2008:021 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://www.ubuntu.com/usn/usn-575-1 http://www.vupen.com/english/advisories/2008/0047 http://www.vupen.com/english/advisories/2008/0447/references http://www.vupen.com/english/advisories/2008/0554 http://www.vupen.com/english/advisories/2008/0809/references http://www.vupen.com/english/advisories/2008/0924/references http://www.vupen.com/english/advisories/2008/0986/references http://www.vupen.com/english/advisories/2008/1224/references http://www.vupen.com/english/advisories/2008/1623/references http://www.vupen.com/english/advisories/2008/1697 XForce ISS Database: apache-status-page-xss(39472) https://exchange.xforce.ibmcloud.com/vulnerabilities/39472
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.