Description
Cytrix has detected that Cross-site scripting (XSS) can be done in mod_status in the version of the Apache HTTP Server being used.
This vulnerability can be exploited only if mod_status pages are publicly accessible.
Also known as CVE-2007-6388.
If mod_status is enabled and the status pages are publicly accessible, a cross-site scripting attack is possible.
If the server-status page is enabled, remote attackers can inject arbitrary web script or HTML by abusing unspecified vectors.
This vulnerability allow attackers to modify system files and information.
Severity/Score
CVSS Version 2.0 – 4.3 Medium
Recommendation
To fix CVE-2007-6388, update the version of Apache HTTP Server being used to either 2.2.8, 2.0.63 or 1.3.41.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
https://cwe.mitre.org/data/definitions/79.html