The Third Party Vulnerability Resolution Blog covers CVEs and patches in the Systems product suite.

Sun Alert 103179 Security Vulnerabilities in the Apache 1.3 and 2.0 Web Server Daemon and "mod_status" Module May Lead to Cross Site Scripting (XSS) or Denial of Service (DoS).

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

Two security vulnerabilities exist in the Apache HTTP server which may affect the Apache 2.0 web server bundled with Solaris 10 and the Apache 1.3 web server bundled with Solaris 8, Solaris 9 and Solaris 10.

The first issue, a Cross Site Scripting (CSS or XSS) vulnerability in the "mod_status" Apache server module (CVE-2006-5752), may allow a local or remote unprivileged user to inject arbitrary web script or HTML. This may allow an unprivileged user to bypass access control and gain access to unauthorized data.

The second issue, a vulnerability in the Apache HTTP server daemon (CVE-2007-3304), may allow a local user to send signals to an arbitrary process resulting in a Denial of Service (DoS).

Additional information regarding these issues is available at:

The Change Log for Apache 2.0, at:

The Change Log for Apache 1.3, at:

CVE-2006-5752 at:

CVE-2007-3304 at:

Avoidance: Patch, Workaround
State: Workaround
First released: 21-Dec-2007
