exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2007-6388

Status Candidate

Overview

Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Related Files

HP Security Bulletin HPSBOV02683 SSRT090208
Posted May 10, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, php, vulnerability
advisories | CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010
SHA-256 | a7638da01e18d2a3d9c6e84728556bb08fdb00082b9c904826eb85aa31a5870d
HP Security Bulletin HPSBMA02442 SSRT090108
Posted May 27, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP Business Availability Center running Apache. The vulnerabilities could be remotely exploited to allow Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Denial of Service (DoS).

tags | advisory, denial of service, vulnerability, xss, csrf
advisories | CVE-2008-2939, CVE-2008-2364, CVE-2008-0005, CVE-2007-6422, CVE-2007-6421, CVE-2007-6420, CVE-2007-6388, CVE-2007-5000
SHA-256 | 8984e6a6d71e3911533469692dc0da853eb51153edc9f05ce6268a71ce2b470d
VMware Security Advisory 2009-0010
Posted Aug 23, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server.

tags | advisory, web, arbitrary
systems | windows
advisories | CVE-2009-0040, CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005
SHA-256 | fa25255a1fe8dc51e8b60d69060b437dd5c2bb2ea3ba80fcabeb503621483800
HP Security Bulletin 2008-00.59
Posted Nov 20, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM).The vulnerabilities could be exploited remotely to allow cross site scripting (XSS).

tags | advisory, vulnerability, xss
advisories | CVE-2007-6388, CVE-2007-5000
SHA-256 | b8c9fe6d25660a81a6f06aae5f7fa118b9a41d276c0d7b7e813c689357f06725
HP Security Bulletin 2008-00.15
Posted Feb 13, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache. The vulnerability could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary
systems | hpux
advisories | CVE-2007-6388
SHA-256 | 3a12a779aae311d77739e03767b4aa32e46cfa311cb9c6c01e788f5ddae26b89
Ubuntu Security Notice 575-1
Posted Feb 5, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 575-1 - A slew of denial of service and cross site scripting related vulnerabilities have been patched in the apache2 package.

tags | advisory, denial of service, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005
SHA-256 | fbd90fd3b1d7a6b5559c9b4afb5b47c7da3fc94863094e4710b15c7ae02b1709
Mandriva Linux Security Advisory 2008-016
Posted Jan 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_balancer module could lead to a cross-site scripting attack against an authorized user on sites where mod_proxy_balancer was enabled. Another flaw in the mod_proxy_balancer module was found where, on sites with the module enabled, an authorized user could send a carefully crafted request that would cause the apache child process handling the request to crash, which could lead to a denial of service if using a threaded MPM. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.

tags | advisory, web, denial of service, xss
systems | linux, mandriva
advisories | CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005
SHA-256 | 7011750e86e2350ac4aa01c2801209a1471d2cfd530582dc3a9b8ae8243bbe30
Mandriva Linux Security Advisory 2008-015
Posted Jan 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.

tags | advisory, web, xss
systems | linux, mandriva
advisories | CVE-2007-5000, CVE-2007-6388, CVE-2008-0005
SHA-256 | dda119fab4bbfc092df5941a6d76ce66e859a53e5fab37e511b65b301d0251c9
Mandriva Linux Security Advisory 2008-014
Posted Jan 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw found in the mod_autoindex module could lead to a cross-site scripting attack on sites where mod_autoindex was enabled and the AddDefaultCharset directive was removed from the configuration, against web browsers that did not correctly derive the response character set following the rules in RFC 2616. A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead to a cross-site scripting attack on sites where mod_status was enabled and the status pages were publicly available. A flaw found in the mod_proxy_ftp module could lead to a cross-site scripting attack against web browsers which do not correctly derive the response character set following the rules in RFC 2616, on sites where the mod_proxy_ftp module was enabled.

tags | advisory, web, xss
systems | linux, mandriva
advisories | CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005
SHA-256 | 99928353f403d25058b0be4b7ae1cc98fadff2fc75cd15dec8eded067ebadb82
apache-modstatus.txt
Posted Jan 15, 2008
Authored by sp3x | Site securityreason.com

The Apache mod_status functionality suffers from a refresh header cross site scripting vulnerability. Versions 2.2.x, 1.3.x, and 2.0.x are affected.

tags | advisory, xss
advisories | CVE-2007-6388
SHA-256 | fd5081f6a989b6e648816548c2d42a99bc8f347753f4e137a2799deb1aee1473
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close