Kayran has detected that Cross-site scripting (XSS) can be done in mod_status in the version of the Apache HTTP Server being used.
This vulnerability can be exploited only if mod_status pages are publicly accessible.
Also known as CVE-2007-6388.
If mod_status is enabled and the status pages are publicly accessible, a cross-site scripting attack is possible.
If the server-status page is enabled, remote attackers can inject arbitrary web script or HTML by abusing unspecified vectors.
This vulnerability allow attackers to modify system files and information.
CVSS Version 2.0 – 4.3 Medium
To fix CVE-2007-6388, update the version of Apache HTTP Server being used to either 2.2.8, 2.0.63 or 1.3.41.