PT-2008-1552 · Apache+1 · Apache Http Server+1
Published: 2008-01-02 · Updated: 2024-06-15 · CVE-2007-6388
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Apache HTTP Server versions 1.3.2 through 1.3.39
Apache HTTP Server versions 2.0.35 through 2.0.61
Apache HTTP Server versions 2.2.0 through 2.2.6
Description
A cross-site scripting (XSS) issue exists in the mod_status module of the Apache HTTP Server. It allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when the server-status page is enabled. The server-status page is not enabled by default, and it is recommended to keep it non-public to avoid potential attacks.
Recommendations
For Apache HTTP Server versions 1.3.2 through 1.3.39, consider disabling the mod_status module to prevent exploitation.
For Apache HTTP Server versions 2.0.35 through 2.0.61, restrict access to the server-status page to minimize the risk of cross-site scripting attacks.
For Apache HTTP Server versions 2.2.0 through 2.2.6, avoid making the server-status page publicly accessible as a temporary workaround until a patch is available.
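An added example, not part of the advisory or of Apache's own code: a heuristic audit that finds `<Location>` blocks served by mod_status in an httpd configuration and reports whether each one is restricted with the Order/Deny/Allow directives used by the affected 1.3, 2.0 and 2.2 branches. The sample configuration, its paths and the function names are constructed for illustration.

```python
import re

# Constructed sample httpd.conf (Order/Deny/Allow syntax); not from the advisory.
SAMPLE_CONF = """
<Location /server-status>
    SetHandler server-status
</Location>

<Location /status-internal>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>

<Location /app>
    SetHandler None
</Location>
"""

BLOCK_RE = re.compile(r"<Location\s+([^>]+)>(.*?)</Location>", re.I | re.S)

def directives(body):
    """Yield lower-cased, whitespace-normalised directives, skipping comments."""
    for line in body.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield " ".join(line.lower().split())

def audit_server_status(conf_text):
    """Return [(path, verdict)] per <Location> handled by mod_status."""
    # Block-local heuristic: rules inherited from other sections are not considered.
    findings = []
    for path, body in BLOCK_RE.findall(conf_text):
        lines = list(directives(body))
        if "sethandler server-status" not in lines:
            continue
        allow_all = "allow from all" in lines
        if "order allow,deny" in lines:
            restricted = not allow_all  # this order denies by default
        else:  # "order deny,allow", or no Order (same default behaviour)
            restricted = "deny from all" in lines and not allow_all
        findings.append((path.strip().strip('"'), "restricted" if restricted else "public"))
    return findings

if __name__ == "__main__":
    for path, verdict in audit_server_status(SAMPLE_CONF):
        print(f"{path}: {verdict}")
```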
Fix
XSS
Affected Products
Apache Http Server
Red Hat