CVE-2006-5752
EPSS 18.4%
Description
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
How to fix CVE-2006-5752
To remediate CVE-2006-5752, upgrade the affected package to the fixed version listed below.
- Debian/apache2: upgrade to 2.2.4-2 or later
Is CVE-2006-5752 being exploited?
Moderate — EPSS is 18.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 2.2.4-2