Apache Mod_perl 'Apache::Status' And 'Apache2::Status' Cross Site Scripting Vulnerability Network Vulnerability

Summary

According to its version number, the remote version of the Apache mod_perl module is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Solution

The vendor has released a fix through the SVN repository.

References

http://mail-archives.apache.org/mod_mbox/perl-advocacy/200904.mbox/<ad28918e0904011458h273a71d4x408f1ed286c9dfbc@mail.gmail.com>
http://www.securityfocus.com/bid/34383

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0796

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Bugzilla 'localconfig' Information Disclosure Vulnerability
Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 Password Information Disclosure Vulnerability
Multiple ZyWALL USG Products Remote Security Bypass Vulnerability
PhreeBooks Multiple Remote Vulnerabilities
MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability

Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities