Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform charset detection when the content-type is not specified.

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | 1.3.2 (including) | 1.3.39 (excluding) |
| Http_server | Apache | 2.0.0 (including) | 2.0.61 (excluding) |
| Http_server | Apache | 2.2.0 (including) | 2.2.6 (excluding) |
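
A triage check for the three conditions stated above (affected version, ExtendedStatus on, a server-status page reachable by anyone), as an added example that is not part of the original advisory or of Apache's code. The function names are hypothetical, and it assumes the status handler is mapped in a `<Location>` block with host-based `Order`/`Allow`/`Deny` rules only; inherited access rules and authentication are not evaluated.

```python
import re

# Affected ranges from the table above: (start inclusive, end exclusive).
AFFECTED = [((1, 3, 2), (1, 3, 39)), ((2, 0, 0), (2, 0, 61)), ((2, 2, 0), (2, 2, 6))]

def version_affected(banner):
    """True if a string such as 'Apache/2.2.4 (Unix)' falls in an affected range."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no x.y.z version in {banner!r}")
    v = tuple(map(int, m.groups()))
    return any(lo <= v < hi for lo, hi in AFFECTED)

def _is_public(order, allow, deny):
    """Host-based Order/Allow/Deny result for an arbitrary remote client."""
    if order == "deny,allow":  # default ordering: allowed unless denied
        return "all" in allow or "all" not in deny
    return "all" in allow and "all" not in deny  # allow,deny: denied unless allowed

def public_status_paths(conf):
    """Return (extended_status_on, paths of server-status <Location>s open to anyone)."""
    extended, public, block = False, [], None
    for raw in conf.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        low = [w.lower() for w in words]
        opened = re.match(r'<Location\s+"?([^">\s]+)"?\s*>', raw.strip(), re.I)
        if opened:
            block = {"path": opened.group(1), "status": False,
                     "order": "deny,allow", "allow": set(), "deny": set()}
        elif low[0].startswith("</location"):
            if block and block["status"] and _is_public(block["order"], block["allow"], block["deny"]):
                public.append(block["path"])
            block = None
        elif low[:2] == ["extendedstatus", "on"]:
            extended = True
        elif block is not None:
            if low[:2] == ["sethandler", "server-status"]:
                block["status"] = True
            elif low[0] == "order":
                block["order"] = "".join(low[1:])
            elif low[0] in ("allow", "deny") and low[1:2] == ["from"]:
                block[low[0]].update(low[2:])
    return extended, public

def exposed(banner, conf):
    """True when all three conditions in the description hold."""
    extended, public = public_status_paths(conf)
    return version_affected(banner) and extended and bool(public)
```

Pass the server's version string and the text of its configuration file to `exposed()`; a `True` result means the host matches every precondition in the description and should be upgraded past the end version for its branch or have the status page restricted.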