Cross-Site Scripting Vulnerability in Apache HTTP Server's mod_perl
CVE-2009-0796

Currently unrated

Key Information:

Vendor: Apache
Status: Mod Perl
Vendor: CVE Published:; 7 April 2009

Summary

A cross-site scripting vulnerability exists in the Apache::Status and Apache2::Status modules associated with mod_perl for the Apache HTTP Server. When the /perl-status endpoint is accessible, it permits remote attackers to inject arbitrary web scripts or HTML content through crafted URIs. This can lead to unauthorized actions performed on behalf of users, making it essential for administrators to restrict access to this endpoint and apply necessary patches to mitigate potential exploitation risks.

References

http://www.securitytracker.com/id?1021988

vdb-entryx_refsource_SECTRACK

http://svn.apache.org/viewvc?view=rev&revision=761081

x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 7, 2009
Vulnerability Reserved
Mar 4, 2009