PT-2007-1185 · Apache · Apache Http Server
Published
2007-06-20
·
Updated
2024-06-15
·
CVE-2006-5752
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Apache HTTP Server (httpd) (affected versions not specified)
Description:
A cross-site scripting (XSS) vulnerability exists in the mod_status module when ExtendedStatus is enabled and the server-status page is publicly reachable. Remote attackers can inject arbitrary web script or HTML via unspecified vectors involving charsets, against browsers that perform "charset detection" when the content type of the status page does not declare one. The issue is only exploitable on sites where the server-status page is publicly accessible.
Recommendations:
For Apache HTTP Server (httpd), disable the server-status page or restrict access to it (for example, to localhost and known monitoring hosts); this removes the public-exposure precondition the vulnerability depends on.
As a temporary workaround, disable the ExtendedStatus feature of mod_status until a fixed release is installed; this removes the per-request detail that the status page echoes.
In all cases, restrict the mod_status handler to the hosts that actually need it, since anyone who can reach the page can also read request data for the whole server.
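The configuration below is an added example, not from the advisory or the Apache project. It shows a mod_status setup that matches the vulnerable condition described above (ExtendedStatus enabled, status page open to everyone), followed by the restricted form and the ExtendedStatus workaround. The directive syntax is Apache httpd 2.4; the 2.2 equivalent is noted in comments. The monitoring host address 192.0.2.10 is a placeholder.

```apache
# Added example: exposed versus restricted mod_status (not from the advisory).

# --- Exposed: matches the precondition in the description ---
LoadModule status_module modules/mod_status.so
ExtendedStatus On
<Location "/server-status">
    SetHandler server-status
    Require all granted          # anyone on the network can load the page
</Location>

# --- Restricted: same handler, reachable only from trusted hosts ---
# Replace the block above with this one. Multiple Require lines in a
# container are OR'ed by default (implicit RequireAny).
<Location "/server-status">
    SetHandler server-status
    Require local                # 127.0.0.1 / ::1 on the server itself
    Require ip 192.0.2.10        # placeholder address of a monitoring host
    # httpd 2.2 equivalent:
    #   Order deny,allow
    #   Deny from all
    #   Allow from 127.0.0.1 192.0.2.10
</Location>

# --- Temporary workaround if the page must stay reachable until patched ---
# ExtendedStatus Off removes the per-request detail (client, vhost, request
# line) that the status page echoes back into HTML.
ExtendedStatus Off

# --- Simplest option: do not load the module at all ---
# Comment out the LoadModule line above and remove the Location block; with
# no server-status handler there is nothing to reach.
```

After changing the configuration, run `apachectl configtest` before reloading, then confirm from an untrusted network position that `/server-status` returns 403 rather than the status page.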
Related Identifiers
Affected Products
Apache Http Server
Red Hat