JVN/CVE Demo: Nvdinfos

NVD

Id: 58383
Name: CVE-2007-6388
Description: Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Reject
CVSS Version: 2
CVSS Score: 4.3
Severity: Medium
CVSS Base Score: 4.3
CVSS Impact Subscore: 2.9
CVSS Exploit Subscore: 8.6
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Pub Date: 2017-01-07
Published: 2008-01-08
Modified Date: 2013-07-17
Seq: 2007-6388

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
299407	58383	CVE-2007-6388	http://docs.info.apple.com/article.html?artnum=307562	View
299408	58383	CVE-2007-6388	http://httpd.apache.org/security/vulnerabilities_13.html	View
299409	58383	CVE-2007-6388	http://httpd.apache.org/security/vulnerabilities_20.html	View
299410	58383	CVE-2007-6388	http://httpd.apache.org/security/vulnerabilities_22.html	View
299411	58383	CVE-2007-6388	APPLE-SA-2008-05-28	View
299412	58383	CVE-2007-6388	APPLE-SA-2008-03-18	View
299413	58383	CVE-2007-6388	SUSE-SA:2008:021	View
299414	58383	CVE-2007-6388	[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server	View
299415	58383	CVE-2007-6388	HPSBOV02683	View
299416	58383	CVE-2007-6388	oval:org.mitre.oval:def:10272	View
299417	58383	CVE-2007-6388	3541	View
299418	58383	CVE-2007-6388	1019154	View
299419	58383	CVE-2007-6388	SSA:2008-045-02	View
299420	58383	CVE-2007-6388	233623	View
299421	58383	CVE-2007-6388	http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm	View
299422	58383	CVE-2007-6388	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=689039	View
299423	58383	CVE-2007-6388	PK62966	View
299424	58383	CVE-2007-6388	PK63273	View
299425	58383	CVE-2007-6388	PK65782	View
299426	58383	CVE-2007-6388	PK59667	View
299427	58383	CVE-2007-6388	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html	View
299428	58383	CVE-2007-6388	MDVSA-2008:014	View
299429	58383	CVE-2007-6388	MDVSA-2008:015	View
299430	58383	CVE-2007-6388	MDVSA-2008:016	View
299431	58383	CVE-2007-6388	http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html	View
299432	58383	CVE-2007-6388	RHSA-2008:0004	View
299433	58383	CVE-2007-6388	RHSA-2008:0005	View
299434	58383	CVE-2007-6388	RHSA-2008:0006	View
299435	58383	CVE-2007-6388	RHSA-2008:0007	View
299436	58383	CVE-2007-6388	RHSA-2008:0008	View
299437	58383	CVE-2007-6388	RHSA-2008:0009	View
299438	58383	CVE-2007-6388	RHSA-2008:0261	View
299439	58383	CVE-2007-6388	HPSBUX02313	View
299440	58383	CVE-2007-6388	20080716 rPSA-2008-0035-1 httpd mod_ssl	View
299441	58383	CVE-2007-6388	HPSBMA02388	View
299442	58383	CVE-2007-6388	20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server	View
299443	58383	CVE-2007-6388	27237	View
299444	58383	CVE-2007-6388	USN-575-1	View
299445	58383	CVE-2007-6388	TA08-150A	View
299446	58383	CVE-2007-6388	ADV-2008-0047	View
299447	58383	CVE-2007-6388	ADV-2008-0447	View
299448	58383	CVE-2007-6388	ADV-2008-0554	View
299449	58383	CVE-2007-6388	ADV-2008-0809	View
299450	58383	CVE-2007-6388	ADV-2008-0924	View
299451	58383	CVE-2007-6388	ADV-2008-0986	View
299452	58383	CVE-2007-6388	ADV-2008-1224	View
299453	58383	CVE-2007-6388	ADV-2008-1623	View
299454	58383	CVE-2007-6388	ADV-2008-1697	View
299455	58383	CVE-2007-6388	http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf	View
299456	58383	CVE-2007-6388	apache-status-page-xss(39472)	View
299457	58383	CVE-2007-6388	FEDORA-2008-1711	View
299458	58383	CVE-2007-6388	FEDORA-2008-1695	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
45691	JVNDB-2008-001001	Apache HTTP Server の mod_status におけるクロスサイトスクリプティングの脆弱性	Apache HTTP Server には、サーバステータスページを有効にしている場合、mod_status において、クロスサイトスクリプティングの脆弱性が存在します。	CVE-2007-6388	29743	CVE-2007-6388	58383	4.3		http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001001.html	2008-01-08	2014-05-21	View
46203	JVNDB-2008-001513	Hitachi Web Server のステータス情報表示機能におけるクロスサイトスクリプティング脆弱性	Hitachi Web Server のステータス情報表示機能には、クロスサイトスクリプティングの脆弱性があります。	CVE-2007-6388	29743	CVE-2007-6388	58383	4.3		http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001513.html	2008-07-04	2014-05-21	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.49 MB
Controller render start	2.36 MB
View render complete	40.72 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.65
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	267.30
Event: Controller.beforeRender	5.03
» Processing toolbar data	4.95
Rendering View	1557.13
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	1491.75
» Event: View.afterRender	0.05
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	42.71
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	13.65
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/58383
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/58383
Remote Port	3964
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	18.118.28.11
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	18.118.28.11
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	18.118.28.11
Unique Id	aCPXcRw7YhEiWVDi-X6R4AAAAJE
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	18.118.28.11
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	18.118.28.11
Redirect Unique Id	aCPXcRw7YhEiWVDi-X6R4AAAAJE
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	18.118.28.11
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	18.118.28.11
Redirect Redirect Unique Id	aCPXcRw7YhEiWVDi-X6R4AAAAJE
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1747179377.5252
Request Time	1747179377

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files