Apache – CVE-2007-6388

Description

Kayran has detected that Cross-site scripting (XSS) can be done in mod_status in the version of the Apache HTTP Server being used.
This vulnerability can be exploited only if mod_status pages are publicly accessible.
Also known as CVE-2007-6388.

If mod_status is enabled and the status pages are publicly accessible, a cross-site scripting attack is possible.
If the server-status page is enabled, remote attackers can inject arbitrary web script or HTML by abusing unspecified vectors.

This vulnerability allow attackers to modify system files and information.

Severity/Score

CVSS Version 2.0 – 4.3 Medium

Recommendation

To fix CVE-2007-6388, update the version of Apache HTTP Server being used to either 2.2.8, 2.0.63 or 1.3.41.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388

https://cwe.mitre.org/data/definitions/79.html

< Return to all Vulnerabilities

Explaining API

We’ve talked about API’s Vulnerability in here, but i feel like there’s much more to talk about and explain since this is a big and

Read More »

Servers 101

Let’s have a “quick” Servers 101 Course. Courtesy of Kayran! If you’ve been on the internet for over an hour, you probably already heard of

Read More »

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

Read More »