Apache – CVE-2007-6388

Description

Kayran has detected that Cross-site scripting (XSS) can be done in mod_status in the version of the Apache HTTP Server being used.
This vulnerability can be exploited only if mod_status pages are publicly accessible.
Also known as CVE-2007-6388.

If mod_status is enabled and the status pages are publicly accessible, a cross-site scripting attack is possible.
If the server-status page is enabled, remote attackers can inject arbitrary web script or HTML by abusing unspecified vectors.

This vulnerability allow attackers to modify system files and information.

Severity/Score

CVSS Version 2.0 – 4.3 Medium

Recommendation

To fix CVE-2007-6388, update the version of Apache HTTP Server being used to either 2.2.8, 2.0.63 or 1.3.41.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Bug Bounties

As pirates, we all love plundering, we all love raiding, but mostly, we all love bounties, especially Bug Bounties. Let’s talk about it. Bug Bounties

Read More »