Vulnerability Name:

CVE-2006-5752 (CCN-35097)

Assigned:2006-11-06
Published:2007-06-20
Updated:2021-06-06
Summary:Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
CWE-79
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=186219

Source: MISC
Type: UNKNOWN
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112

Source: MITRE
Type: CNA
CVE-2006-5752

Source: MITRE
Type: CNA
CVE-2007-5809

Source: CCN
Type: HP Security Bulletin HPSBUX02262 SSRT071447
HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)

Source: HP
Type: UNKNOWN
SSRT071447

Source: CCN
Type: Apache HTTP Server Web site
Welcome! - The Apache HTTP Server Project

Source: CCN
Type: Apache Web site
moderate: mod_status cross-site scripting CVE-2006-5752

Source: CONFIRM
Type: UNKNOWN
http://httpd.apache.org/security/vulnerabilities_13.html

Source: CONFIRM
Type: UNKNOWN
http://httpd.apache.org/security/vulnerabilities_20.html

Source: CONFIRM
Type: UNKNOWN
http://httpd.apache.org/security/vulnerabilities_22.html

Source: MLIST
Type: UNKNOWN
[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

Source: OSVDB
Type: UNKNOWN
37052

Source: CCN
Type: RHSA-2007-0532
Moderate: apache security update

Source: CCN
Type: RHSA-2007-0533
Moderate: httpd security update

Source: CCN
Type: RHSA-2007-0534
Moderate: httpd security update

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0534

Source: CCN
Type: RHSA-2007-0556
Moderate: httpd security update

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0556

Source: CCN
Type: RHSA-2007-0557
Moderate: httpd security update

Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2008-0263
Low: Red Hat Network Proxy Server security update

Source: CCN
Type: RHSA-2008-0523
Low: Red Hat Network Proxy Server security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2010-0602
Moderate: Red Hat Certificate System 7.3 security update

Source: SECUNIA
Type: UNKNOWN
25827

Source: SECUNIA
Type: UNKNOWN
25830

Source: SECUNIA
Type: UNKNOWN
25873

Source: SECUNIA
Type: UNKNOWN
25920

Source: CCN
Type: SA26273
Apache Denial of Service and Cross-Site Scripting

Source: SECUNIA
Type: UNKNOWN
26273

Source: SECUNIA
Type: UNKNOWN
26443

Source: CCN
Type: SA26458
IBM HTTP Server "mod_status" Cross-Site Scripting

Source: SECUNIA
Type: UNKNOWN
26458

Source: CCN
Type: SA26508
Avaya Products Perl Net::DNS and Apache Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
26508

Source: SECUNIA
Type: UNKNOWN
26822

Source: SECUNIA
Type: UNKNOWN
26842

Source: CCN
Type: SA26993
IBM WebSphere Application Server for z/OS HTTP Server Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
26993

Source: SECUNIA
Type: UNKNOWN
27037

Source: CCN
Type: SA27421
Hitachi Web Server Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
27563

Source: SECUNIA
Type: UNKNOWN
27732

Source: CCN
Type: SA28212
Sun Solaris Apache Cross-Site Scripting and Denial of Service

Source: SECUNIA
Type: UNKNOWN
28212

Source: CCN
Type: SA28224
Sun Solaris Apache Cross-Site Scripting and Denial of Service

Source: SECUNIA
Type: UNKNOWN
28224

Source: CCN
Type: SA28606
Interstage HTTP Server Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28606

Source: GENTOO
Type: UNKNOWN
GLSA-200711-06

Source: CCN
Type: SECTRACK ID: 1018302
Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks

Source: CCN
Type: Sun Alert ID: 103179
Security Vulnerabilities in the Apache 1.3 and 2.0 Web Server Daemon and "mod_status" Module May Lead to Cross Site Scripting (XSS) or Denial of Service (DoS).

Source: SUNALERT
Type: UNKNOWN
103179

Source: SUNALERT
Type: UNKNOWN
200032

Source: CCN
Type: ASA-2007-288
Apache security update (RHSA-2007-0532)

Source: CCN
Type: ASA-2007-327
httpd security update (RHSA-2007-0533 and RHSA-2007-0534)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2007-353.htm

Source: CCN
Type: ASA-2007-353
httpd security update (RHSA-2007-0557)

Source: CCN
Type: ASA-2007-416
HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) (HPSBUX02262)

Source: CCN
Type: ASA-2008-012
Security Vulnerabilities in the Apache 1.3 and 2.0 Web Server Daemon and "mod_status" Module May Lead to Cross Site Scripting (XSS) or Denial of Service (DoS) (SUN 103179)

Source: CCN
Type: Nortel BULLETIN ID: 2008008602, Rev 1
Nortel Response to Apache 1.3 and 2.0 Web Server Daemon Vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://svn.apache.org/viewvc?view=rev&revision=549159

Source: CCN
Type: APAR PK53584
IBM HTTP SERVER 2.0.47 CUMULATIVE E-FIX

Source: CCN
Type: APAR PK49295
CVE-2006-5752 MOD_STATUS CROSS-SITE SCRIPTING VULNERABILITY

Source: AIXAPAR
Type: UNKNOWN
PK52702

Source: CCN
Type: APAR PK52702
Z/OS IBM HTTP SERVER FOR WEBSPHERE (POWERED BY APACHE) FIX PACK 6.1.0.13

Source: AIXAPAR
Type: UNKNOWN
PK49295

Source: CCN
Type: FUJITSU Web site
Cross site scripting (XSS) and denial of service (DoS) vulnerabilities in Interstage HTTP Server. January 22nd, 2008

Source: CONFIRM
Type: UNKNOWN
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

Source: CCN
Type: GLSA-200711-06
Apache: Multiple vulnerabilities

Source: CCN
Type: Hitachi Security Vulnerability Information HS07-035
Cross-Site Scripting Vulnerability in Hitachi Web Server Function for Creating Server-Status Pages

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:140

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:141

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:142

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:061

Source: CCN
Type: Oracle Web Site
Oracle Critical Patch Update - July 2013

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

Source: CCN
Type: OSVDB ID: 37052
Apache HTTP Server mod_status mod_status.c Unspecified XSS

Source: CCN
Type: OSVDB ID: 42027
Hitachi Web Server Server-status Page Creation Unspecified XSS

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-2214

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0532

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0557

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0261

Source: BUGTRAQ
Type: UNKNOWN
20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

Source: BID
Type: Patch
24645

Source: CCN
Type: BID-24645
Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability

Source: CCN
Type: BID-26271
Hitachi Web Server HTML Injection Vulnerability and Signature Forgery Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018302

Source: TRUSTIX
Type: UNKNOWN
2007-0026

Source: CCN
Type: TLSA-2007-41
Two vulnerabilities discovered in httpd

Source: CCN
Type: USN-499-1
Apache vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-499-1

Source: VUPEN
Type: UNKNOWN
ADV-2007-2727

Source: VUPEN
Type: UNKNOWN
ADV-2007-3283

Source: VUPEN
Type: UNKNOWN
ADV-2007-3386

Source: VUPEN
Type: UNKNOWN
ADV-2007-4305

Source: VUPEN
Type: UNKNOWN
ADV-2008-0233

Source: XF
Type: UNKNOWN
apache-modstatus-xss(35097)

Source: XF
Type: UNKNOWN
apache-modstatus-xss(35097)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1500

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10154

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0533

Source: SUSE
Type: SUSE-SA:2007:061
Apache2 security issues

Vulnerable Configuration:Configuration 1:
  • cpe:/o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5.0:*:desktop_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*
  • AND
  • cpe:/a:apache:http_server:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.4:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:http_server:2.0.60:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.59:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:certificate_system:7.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:2.0.47:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:message_networking:-:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::es:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:network_proxy:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:network_proxy:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20065752
    V
    		CVE-2006-5752
    2022-06-30
    oval:org.opensuse.security:def:42270
    P
    		Security update for permissions (Moderate)
    2022-01-20
    oval:org.opensuse.security:def:111948
    P
    		apache2-2.4.49-1.1 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:31330
    P
    		Security update for xorg-x11-server (Important)
    2021-12-14
    oval:org.opensuse.security:def:33045
    P
    		Security update for postgresql96 (Important)
    2021-11-22
    oval:org.opensuse.security:def:31705
    P
    		Security update for postgresql, postgresql13, postgresql14 (Important)
    2021-11-20
    oval:org.opensuse.security:def:31300
    P
    		Security update for MozillaFirefox (Important)
    2021-11-17
    oval:org.opensuse.security:def:32214
    P
    		Security update for pcre (Moderate)
    2021-11-10
    oval:org.opensuse.security:def:31697
    P
    		Security update for opensc (Important)
    2021-10-29
    oval:org.opensuse.security:def:26145
    P
    		Security update for the Linux Kernel (Important)
    2021-10-12
    oval:org.opensuse.security:def:105514
    P
    		apache2-2.4.49-1.1 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:26131
    P
    		Security update for xen (Moderate)
    2021-09-21
    oval:org.opensuse.security:def:33006
    P
    		Security update for openssl (Low)
    2021-09-20
    oval:org.opensuse.security:def:26123
    P
    		Security update for openssl-1_0_0 (Low)
    2021-09-09
    oval:org.opensuse.security:def:32158
    P
    		Security update for dbus-1 (Important)
    2021-08-02
    oval:org.opensuse.security:def:32150
    P
    		Security update for the Linux Kernel (Important)
    2021-07-22
    oval:org.opensuse.security:def:31656
    P
    		Security update for systemd (Important)
    2021-07-21
    oval:org.opensuse.security:def:26092
    P
    		Security update for the Linux Kernel (Important)
    2021-07-20
    oval:org.opensuse.security:def:31221
    P
    		Security update for MozillaFirefox (Important)
    2021-07-16
    oval:org.opensuse.security:def:31208
    P
    		Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-06-18
    oval:org.opensuse.security:def:31640
    P
    		Security update for java-1_8_0-openjdk (Moderate)
    2021-06-15
    oval:org.opensuse.security:def:36370
    P
    		apache2-2.2.12-1.51.52.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42489
    P
    		apache2-2.2.12-1.51.52.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:31634
    P
    		Security update for qemu (Important)
    2021-06-08
    oval:org.opensuse.security:def:36082
    P
    		apache2-2.2.12-1.51.52.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:32106
    P
    		Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2021-06-04
    oval:org.opensuse.security:def:26057
    P
    		Security update for libX11 (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:42074
    P
    		Security update for libxml2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:26043
    P
    		Security update for bind (Important)
    2021-05-04
    oval:org.opensuse.security:def:32084
    P
    		Security update for gdm (Important)
    2021-04-28
    oval:org.opensuse.security:def:31147
    P
    		Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)
    2021-04-07
    oval:org.opensuse.security:def:31745
    P
    		Security update for glib2 (Important)
    2021-03-16
    oval:org.opensuse.security:def:31353
    P
    		Security update for the Linux Kernel (Important)
    2021-03-09
    oval:org.opensuse.security:def:26208
    P
    		Security update for git (Important)
    2021-03-09
    oval:org.opensuse.security:def:26204
    P
    		Security update for freeradius-server (Low)
    2021-03-04
    oval:org.opensuse.security:def:32263
    P
    		Security update for java-1_8_0-ibm (Important)
    2021-02-26
    oval:org.opensuse.security:def:31342
    P
    		Security update for screen (Important)
    2021-02-17
    oval:org.opensuse.security:def:31331
    P
    		Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:26189
    P
    		Security update for subversion (Important)
    2021-02-10
    oval:org.opensuse.security:def:31357
    P
    		Security update for MozillaFirefox (Important)
    2021-01-12
    oval:org.opensuse.security:def:31744
    P
    		Security update for MozillaFirefox (Important)
    2021-01-12
    oval:org.opensuse.security:def:25973
    P
    		Security update for the Linux Kernel (Important)
    2020-12-09
    oval:org.opensuse.security:def:31560
    P
    		Security update for python-cryptography (Moderate)
    2020-12-04
    oval:org.opensuse.security:def:35522
    P
    		apache2-2.2.10-2.24.5 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35667
    P
    		apache2-2.2.12-1.28.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:41929
    P
    		apache2-2.2.10-2.24.5 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:32002
    P
    		Security update for gdm (Important)
    2020-12-03
    oval:org.opensuse.security:def:35863
    P
    		apache2-2.2.12-1.38.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:31136
    P
    		Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25916
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:31911
    P
    		Security update for gcc43 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31548
    P
    		Security update for sblim-sfcb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25795
    P
    		Security update for kernel-source (Important)
    2020-12-01
    oval:org.opensuse.security:def:27368
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25218
    P
    		Security update for samba (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25791
    P
    		Security update for kernel-source (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32593
    P
    		perl-HTML-Parser on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32368
    P
    		Security update for tar (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25230
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26549
    P
    		ft2demos on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25994
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25632
    P
    		Security update for aspell (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25358
    P
    		Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:31600
    P
    		Security update for tightvnc (Important)
    2020-12-01
    oval:org.opensuse.security:def:30990
    P
    		Security update for jakarta-commons-fileupload
    2020-12-01
    oval:org.opensuse.security:def:25422
    P
    		Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31784
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26637
    P
    		ruby on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26667
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25707
    P
    		Security update for java-1_7_1-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25499
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31850
    P
    		Security update for clamav (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27045
    P
    		tgt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31002
    P
    		Security update for java-1_6_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25755
    P
    		Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31810
    P
    		Security update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25703
    P
    		Security update for squid (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25074
    P
    		Security update for cups (Important)
    2020-12-01
    oval:org.opensuse.security:def:25990
    P
    		Security update for libvpx (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32302
    P
    		Security update for python (Important)
    2020-12-01
    oval:org.opensuse.security:def:32487
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25413
    P
    		Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31416
    P
    		Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26345
    P
    		Security update for libgit2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25936
    P
    		Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32788
    P
    		star on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25149
    P
    		Security update for openssl-1_1 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31502
    P
    		Security update for python27 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26310
    P
    		Security update for Cloud Compute 12 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26487
    P
    		Security update for redis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25425
    P
    		Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:31858
    P
    		Security update for cups (Important)
    2020-12-01
    oval:org.opensuse.security:def:25920
    P
    		Security update for gstreamer-plugins-base (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25503
    P
    		Security update for apache2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26363
    P
    		Security update for libgit2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31135
    P
    		Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25617
    P
    		Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:26862
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25995
    P
    		Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25644
    P
    		Security update for taglib (Low)
    2020-12-01
    oval:org.opensuse.security:def:32045
    P
    		Security update for krb5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27333
    P
    		xorg-x11-libXrender-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25752
    P
    		Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31955
    P
    		Security update for gstreamer-0_10-plugins-good (Important)
    2020-12-01
    oval:org.opensuse.security:def:31549
    P
    		Security update for screen (Low)
    2020-12-01
    oval:org.opensuse.security:def:25848
    P
    		Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32324
    P
    		Security update for samba (Important)
    2020-12-01
    oval:org.opensuse.security:def:25219
    P
    		Security update for java-1_8_0-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25805
    P
    		Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:32632
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25631
    P
    		Security update for tar (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31444
    P
    		Security update for poppler (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25294
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:26598
    P
    		libpulse-browse0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26632
    P
    		puppet on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25643
    P
    		Security update for hunspell (Low)
    2020-12-01
    oval:org.opensuse.security:def:25415
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31801
    P
    		security update for xen (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26407
    P
    		Security update for libmad (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30991
    P
    		Security update for jakarta-commons-fileupload (Important)
    2020-12-01
    oval:org.opensuse.security:def:25698
    P
    		Security update for dpdk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31940
    P
    		Recommended update for glibc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26651
    P
    		xen on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25835
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25650
    P
    		Security update for SDL (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31889
    P
    		Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:27080
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25073
    P
    		Security update for sqlite3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31076
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25839
    P
    		Security update for gimp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32448
    P
    		Security update for xen (Important)
    2020-12-01
    oval:org.opensuse.security:def:26261
    P
    		Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25897
    P
    		Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:25085
    P
    		Security update for permissions (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31445
    P
    		Security update for poppler (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25849
    P
    		Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:25414
    P
    		Security update for java-1_7_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:31766
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:26496
    P
    		Security update for tmux (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25950
    P
    		Security update for evince (Important)
    2020-12-01
    oval:org.opensuse.security:def:32827
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25919
    P
    		Security update for libplist (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25277
    P
    		Security update for git (Important)
    2020-12-01
    oval:org.opensuse.security:def:31589
    P
    		Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26349
    P
    		Security update for redis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26522
    P
    		apache2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25489
    P
    		Security update for pam_radius (Important)
    2020-12-01
    oval:org.opensuse.security:def:31915
    P
    		Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26827
    P
    		sysstat on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25931
    P
    		Security update for libcares2 (Low)
    2020-12-01
    oval:org.opensuse.security:def:25560
    P
    		Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31996
    P
    		Security update for java-1_7_1-ibm (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26695
    P
    		fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:22543
    P
    		ELSA-2007:0556: httpd security update (Moderate)
    2014-05-26
    oval:org.mitre.oval:def:10154
    V
    		Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
    2013-04-29
    oval:com.redhat.rhsa:def:20070534
    P
    		RHSA-2007:0534: httpd security update (Moderate)
    2008-03-20
    oval:com.redhat.rhsa:def:20070533
    P
    		RHSA-2007:0533: httpd security update (Moderate)
    2007-06-27
    oval:com.redhat.rhsa:def:20070556
    P
    		RHSA-2007:0556: httpd security update (Moderate)
    2007-06-26
    BACK
    redhat enterprise linux 3.0
    redhat enterprise linux 3.0
    redhat enterprise linux desktop 4.0
    redhat linux advanced workstation 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3.0
    redhat enterprise linux 5.0
    redhat enterprise linux desktop 3.0
    redhat enterprise linux 4.0
    redhat enterprise linux 4.0
    redhat linux advanced workstation 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 5.0
    redhat enterprise linux 4.0
    apache http server 2.2.0
    apache http server 2.2.3
    apache http server 2.2.4
    apache http server 2.0.60
    apache http server 1.3.37
    apache http server 2.0.59
    apache http server 2.2.4
    ibm http server 6.1
    redhat certificate system 7.3
    gentoo linux *
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    hp hp-ux b.11.11
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    ibm http server 2.0.47
    redhat enterprise linux 3
    hp hp-ux b.11.23
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell open enterprise server *
    mandrakesoft mandrake multi network firewall 2.0
    avaya message networking -
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    canonical ubuntu 6.06
    suse suse linux 10.1
    novell suse linux enterprise server 10 sp2
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux fuji
    redhat enterprise linux desktop 5.0
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    canonical ubuntu 7.04
    hp hp-ux b.11.31
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    redhat enterprise linux 4.5.z
    redhat enterprise linux 4.5.z
    novell open enterprise server *
    redhat network proxy 4.2
    redhat network proxy 5.0
    novell opensuse 10.2
    novell opensuse 10.3
    oracle http server -