CVE-2006-5752

Name: CVE-2006-5752
Creator: NVD / NIST
Published: 2007-06-27T17:30:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 27.78%

Last modified Jun 16, 2026

CVE-2006-5752 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.. EPSS estimates a 27.78% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.

Metrics

EPSS Probability

27.78%

97.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Apache	Http Server	>= 1.3.2, < 1.3.39
Apache	Http Server	>= 2.0.0, < 2.0.61
Apache	Http Server	>= 2.2.0, < 2.2.6
Canonical	Ubuntu Linux	6.06
Canonical	Ubuntu Linux	6.10
Canonical	Ubuntu Linux	7.04
Fedoraproject	Fedora	7
Redhat	Enterprise Linux Desktop	3.0
Redhat	Enterprise Linux Desktop	4.0
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	4.5
Redhat	Enterprise Linux Server	3.0
Redhat	Enterprise Linux Server	4.0
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Workstation	3.0
Redhat	Enterprise Linux Workstation	4.0
Redhat	Enterprise Linux Workstation	5.0

References

http://bugs.gentoo.org/show_bug.cgi?id=186219Issue Tracking, Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112Issue Tracking, Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795Third Party Advisory
http://httpd.apache.org/security/vulnerabilities_13.htmlVendor Advisory
http://httpd.apache.org/security/vulnerabilities_20.htmlVendor Advisory
http://httpd.apache.org/security/vulnerabilities_22.htmlVendor Advisory
http://lists.vmware.com/pipermail/security-announce/2009/000062.htmlMailing List, Third Party Advisory
http://osvdb.org/37052Broken Link
http://rhn.redhat.com/errata/RHSA-2007-0534.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2007-0556.htmlThird Party Advisory
http://secunia.com/advisories/25827Not Applicable
http://secunia.com/advisories/25830Not Applicable
http://secunia.com/advisories/25873Not Applicable
http://secunia.com/advisories/25920Not Applicable
http://secunia.com/advisories/26273Not Applicable
http://secunia.com/advisories/26443Not Applicable
http://secunia.com/advisories/26458Not Applicable
http://secunia.com/advisories/26508Not Applicable
http://secunia.com/advisories/26822Not Applicable
http://secunia.com/advisories/26842Not Applicable
http://secunia.com/advisories/26993Not Applicable
http://secunia.com/advisories/27037Not Applicable
http://secunia.com/advisories/27563Not Applicable
http://secunia.com/advisories/27732Not Applicable
http://secunia.com/advisories/28212Not Applicable
http://secunia.com/advisories/28224Not Applicable
http://secunia.com/advisories/28606Not Applicable
http://security.gentoo.org/glsa/glsa-200711-06.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2007-353.htmThird Party Advisory
http://svn.apache.org/viewvc?view=rev&revision=549159Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PK49295&apar=onlyThird Party Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.htmlThird Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:140Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:141Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:142Broken Link
http://www.novell.com/linux/security/advisories/2007_61_apache2.htmlBroken Link
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.htmlThird Party Advisory
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.htmlMailing List, Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0532.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0557.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0261.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/505990/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/24645Patch, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1018302Broken Link, Third Party Advisory, VDB Entry
http://www.trustix.org/errata/2007/0026/Broken Link
http://www.ubuntu.com/usn/usn-499-1Third Party Advisory
http://www.vupen.com/english/advisories/2007/2727Permissions Required
http://www.vupen.com/english/advisories/2007/3283Permissions Required
http://www.vupen.com/english/advisories/2007/3386Permissions Required
http://www.vupen.com/english/advisories/2007/4305Permissions Required
http://www.vupen.com/english/advisories/2008/0233Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/35097Third Party Advisory, VDB Entry
https://issues.rpath.com/browse/RPL-1500Broken Link
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2007-0533.htmlThird Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=186219Issue Tracking, Third Party Advisory
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112Issue Tracking, Third Party Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795Third Party Advisory
http://httpd.apache.org/security/vulnerabilities_13.htmlVendor Advisory
http://httpd.apache.org/security/vulnerabilities_20.htmlVendor Advisory
http://httpd.apache.org/security/vulnerabilities_22.htmlVendor Advisory
http://lists.vmware.com/pipermail/security-announce/2009/000062.htmlMailing List, Third Party Advisory
http://osvdb.org/37052Broken Link
http://rhn.redhat.com/errata/RHSA-2007-0534.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2007-0556.htmlThird Party Advisory
http://secunia.com/advisories/25827Not Applicable
http://secunia.com/advisories/25830Not Applicable
http://secunia.com/advisories/25873Not Applicable
http://secunia.com/advisories/25920Not Applicable
http://secunia.com/advisories/26273Not Applicable
http://secunia.com/advisories/26443Not Applicable
http://secunia.com/advisories/26458Not Applicable
http://secunia.com/advisories/26508Not Applicable
http://secunia.com/advisories/26822Not Applicable
http://secunia.com/advisories/26842Not Applicable
http://secunia.com/advisories/26993Not Applicable
http://secunia.com/advisories/27037Not Applicable
http://secunia.com/advisories/27563Not Applicable
http://secunia.com/advisories/27732Not Applicable
http://secunia.com/advisories/28212Not Applicable
http://secunia.com/advisories/28224Not Applicable
http://secunia.com/advisories/28606Not Applicable
http://security.gentoo.org/glsa/glsa-200711-06.xmlThird Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103179-1Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200032-1Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2007-353.htmThird Party Advisory
http://svn.apache.org/viewvc?view=rev&revision=549159Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK52702Third Party Advisory
http://www-1.ibm.com/support/search.wss?rs=0&q=PK49295&apar=onlyThird Party Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.htmlThird Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:140Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:141Broken Link
http://www.mandriva.com/security/advisories?name=MDKSA-2007:142Broken Link
http://www.novell.com/linux/security/advisories/2007_61_apache2.htmlBroken Link
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.htmlThird Party Advisory
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.htmlMailing List, Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0532.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0557.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0261.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/505990/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/24645Patch, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1018302Broken Link, Third Party Advisory, VDB Entry
http://www.trustix.org/errata/2007/0026/Broken Link
http://www.ubuntu.com/usn/usn-499-1Third Party Advisory
http://www.vupen.com/english/advisories/2007/2727Permissions Required
http://www.vupen.com/english/advisories/2007/3283Permissions Required
http://www.vupen.com/english/advisories/2007/3386Permissions Required
http://www.vupen.com/english/advisories/2007/4305Permissions Required
http://www.vupen.com/english/advisories/2008/0233Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/35097Third Party Advisory, VDB Entry
https://issues.rpath.com/browse/RPL-1500Broken Link
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10154Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2007-0533.htmlThird Party Advisory

Timeline

Published: Jun 27, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2006-5752?

How severe is CVE-2006-5752?

Severity scoring for CVE-2006-5752 is pending analysis. The EPSS model estimates a 27.78% probability of exploitation in the next 30 days.

How do I fix CVE-2006-5752?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-5752?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST