Executive Summary
This alert is flagged under the CWE/SANS Top 25 Common Weakness Enumeration.
Summary | |
---|---|
Title | Sun Alert 274110 Security Vulnerability in the Apache 1.3 "mod_perl" Module Component "Status.pm" May Lead to Unauthorized Access to Data |
Information | |||
---|---|---|---|
Name | SUN-274110 | First vendor Publication | 2009-12-16 |
Vendor | Sun | Last vendor Modification | 2010-03-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.6 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris

A cross-site scripting (XSS) vulnerability in the Apache 1.3 HTTP server "mod_perl" module's perl-status utility may allow an unprivileged remote user to inject arbitrary web script or HTML while accessing a crafted URL to perl-status utility. This can result in various impacts including the theft of sensitive information such as cookie information, access to user credentials or the hijacking of sessions.

Additional information regarding this issue is available at: CVE-2009-0796 at http://www.security-database.com/detail.php?cve=CVE-2009-0796

State: Workaround

First released: 15-Dec-2009
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_274110_security_vulnerability |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:8488 | |||
Oval ID: | oval:org.mitre.oval:def:8488 | ||
Title: | Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "Status.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to Data | ||
Description: | Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0796 | Version: | 2 |
Platform(s): | Sun Solaris 10 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2010-02-03 | Name : Solaris Update for Apache 1.3 122911-19 File : nvt/gb_solaris_122911_19.nasl |
2010-02-03 | Name : Solaris Update for Apache 1.3 122912-19 File : nvt/gb_solaris_122912_19.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:091-1 (mod_perl) File : nvt/mdksa_2009_091_1.nasl |
2009-05-20 | Name : FreeBSD Ports: mod_perl File : nvt/freebsd_mod_perl0.nasl |
2009-04-20 | Name : Ubuntu USN-757-1 (gs-gpl) File : nvt/ubuntu_757_1.nasl |
2009-04-15 | Name : Mandrake Security Advisory MDVSA-2009:091 (mod_perl) File : nvt/mdksa_2009_091.nasl |
2009-04-13 | Name : Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting V... File : nvt/modperl_cve_2009_0796.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53289 | Apache mod_perl Apache::Status /perl-status Unspecified XSS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
2009-05-18 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4a63889541b711deb1cc00219b0fc4d8.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-091.nasl - Type : ACT_GATHER_INFO |
2009-04-07 | Name : The remote web server uses a module that is affected by a cross-site scriptin... File : mod_perl_status_uri_xss.nasl - Type : ACT_GATHER_INFO |
2006-07-18 | Name : The remote host is missing Sun Security Patch number 122911-37 File : solaris10_122911.nasl - Type : ACT_GATHER_INFO |
2006-07-18 | Name : The remote host is missing Sun Security Patch number 122912-37 File : solaris10_x86_122912.nasl - Type : ACT_GATHER_INFO |