Moderate

CVE-2007-6388 - Cross-Site Scripting (XSS) vulnerability in Apache HTTP Server

Publication: 2008-01-08
Summary

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Classification
CWE-79: Cross-Site Scripting (XSS)

Risk level (CVSS 4.3)

Moderate

4.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Apache Http Server -
  • Apache Http Server 1.3.1
  • Apache Http Server 1.3.2
  • Apache Http Server 1.3.3
  • Apache Http Server 1.3.4
  • Apache Http Server 1.3.5
  • Apache Http Server 1.3.6
  • Apache Http Server 1.3.7
  • Apache Http Server 1.3.8
  • Apache Http Server 1.3.9
  • Apache Http Server 1.3.11
  • Apache Http Server 1.3.12
  • Apache Http Server 1.3.22
  • Apache Http Server 1.3.23
  • Apache Http Server 1.3.24
  • Apache Http Server 1.3.25
  • Apache Http Server 1.3.26
  • Apache Http Server 1.3.27
  • Apache Http Server 1.3.28
  • Apache Http Server 1.3.29
  • Apache Http Server 1.3.30
  • Apache Http Server 1.3.31
  • Apache Http Server 1.3.32
  • Apache Http Server 1.3.33
  • Apache Http Server 1.3.37
  • Apache Http Server 1.3.38
  • Apache Http Server 1.3.39
  • Apache Http Server 2.0.35
  • Apache Http Server 2.0.36
  • Apache Http Server 2.0.37
  • Apache Http Server 2.0.38
  • Apache Http Server 2.0.39
  • Apache Http Server 2.0.40
  • Apache Http Server 2.0.41
  • Apache Http Server 2.0.42
  • Apache Http Server 2.0.43
  • Apache Http Server 2.0.44
  • Apache Http Server 2.0.45
  • Apache Http Server 2.0.46
  • Apache Http Server 2.0.47
  • Apache Http Server 2.0.48
  • Apache Http Server 2.0.49
  • Apache Http Server 2.0.50
  • Apache Http Server 2.0.51
  • Apache Http Server 2.0.52
  • Apache Http Server 2.0.53
  • Apache Http Server 2.0.54
  • Apache Http Server 2.0.55
  • Apache Http Server 2.0.56
  • Apache Http Server 2.0.57
  • Apache Http Server 2.0.58
  • Apache Http Server 2.0.59
  • Apache Http Server 2.0.60
  • Apache Http Server 2.0.61
  • Apache Http Server 2.2
  • Apache Http Server 2.2.1
  • Apache Http Server 2.2.2
  • Apache Http Server 2.2.3
  • Apache Http Server 2.2.4
  • Apache Http Server 2.2.6

References