Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name : CVE-2009-0796
First vendor Publication : 2009-04-07
Vendor : Cve
Last vendor Modification : 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score : 2.6
Attack Range : Network
Cvss Impact Score : 2.9
Attack Complexity : High
Cvss Exploit Score : 4.9
Authentication : None Required

Detail

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:8488
 
Oval ID: oval:org.mitre.oval:def:8488
Title: Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "Status.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to Data
Description: Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0796
Version: 2
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 2

OpenVAS Exploits

Date Description
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2010-02-03 Name : Solaris Update for Apache 1.3 122911-19
File : nvt/gb_solaris_122911_19.nasl
2010-02-03 Name : Solaris Update for Apache 1.3 122912-19
File : nvt/gb_solaris_122912_19.nasl
2009-12-14 Name : Mandriva Security Advisory MDVSA-2009:091-1 (mod_perl)
File : nvt/mdksa_2009_091_1.nasl
2009-05-20 Name : FreeBSD Ports: mod_perl
File : nvt/freebsd_mod_perl0.nasl
2009-04-20 Name : Ubuntu USN-757-1 (gs-gpl)
File : nvt/ubuntu_757_1.nasl
2009-04-15 Name : Mandrake Security Advisory MDVSA-2009:091 (mod_perl)
File : nvt/mdksa_2009_091.nasl
2009-04-13 Name : Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting V...
File : nvt/modperl_cve_2009_0796.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
53289 Apache mod_perl Apache::Status /perl-status Unspecified XSS

Nessus® Vulnerability Scanner

Date Description
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2009-05-18 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4a63889541b711deb1cc00219b0fc4d8.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-091.nasl - Type : ACT_GATHER_INFO
2009-04-07 Name : The remote web server uses a module that is affected by a cross-site scriptin...
File : mod_perl_status_uri_xss.nasl - Type : ACT_GATHER_INFO
2006-07-18 Name : The remote host is missing Sun Security Patch number 122911-37
File : solaris10_122911.nasl - Type : ACT_GATHER_INFO
2006-07-18 Name : The remote host is missing Sun Security Patch number 122912-37
File : solaris10_x86_122912.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
BID http://www.securityfocus.com/bid/34383
BUGTRAQ http://www.securityfocus.com/archive/1/502709/100/0/threaded
CONFIRM http://support.apple.com/kb/HT4435
http://svn.apache.org/viewvc?view=rev&revision=761081
http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?r...
https://bugzilla.redhat.com/show_bug.cgi?id=494402
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:091
MISC https://launchpad.net/bugs/cve/2009-0796
MLIST http://www.gossamer-threads.com/lists/modperl/modperl-cvs/99477#99477
http://www.gossamer-threads.com/lists/modperl/modperl/99475#99475
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://www.securitytracker.com/id?1021988
SECUNIA http://secunia.com/advisories/34597
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021709.1-1
VUPEN http://www.vupen.com/english/advisories/2009/0943

Alert History

Date Information
2023-02-13 09:29:20
  • Multiple Updates
2023-02-02 21:28:57
  • Multiple Updates
2020-05-23 00:23:27
  • Multiple Updates
2018-10-11 00:19:32
  • Multiple Updates
2017-09-29 09:24:06
  • Multiple Updates
2016-06-28 17:36:42
  • Multiple Updates
2016-04-26 18:40:47
  • Multiple Updates
2014-02-17 10:49:06
  • Multiple Updates
2013-05-10 23:45:31
  • Multiple Updates