{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T09:10:30.079","vulnerabilities":[{"cve":{"id":"CVE-2009-0796","sourceIdentifier":"secalert@redhat.com","published":"2009-04-07T23:30:00.233","lastModified":"2025-04-09T00:30:58.490","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI."},{"lang":"es","value":"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Status.pm en Apache::Status y Apache2::Status en mod_perl1 y mod_perl2 para Apache HTTP Server, cuando /perl-status esta accesible, permite a atacantes remotos inyectar código web o HTML de modo arbitrario a través de la URI."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:mod_perl:1:*:*:*:*:*:*:*","matchCriteriaId":"D7612B6F-0CBF-4866-8293-37EF407C7BD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:mod_perl:2:*:*:*:*:*:*:*","matchCriteriaId":"B8639339-6C55-43A0-BCF1-56C75A6CA19B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","matchCriteriaId":"5A6CD1F4-4C0E-4989-A2B3-DC086E8E80A3"}]}]}],"references":[{"url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html","source":"secalert@redhat.com"},{"url":"http://secunia.com/advisories/34597","source":"secalert@redhat.com"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1","source":"secalert@redhat.com"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021709.1-1","source":"secalert@redhat.com"},{"url":"http://support.apple.com/kb/HT4435","source":"secalert@redhat.com"},{"url":"http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?r1=177851&r2=761081&pathrev=761081&diff_format=h","source":"secalert@redhat.com"},{"url":"http://svn.apache.org/viewvc?view=rev&revision=761081","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.gossamer-threads.com/lists/modperl/modperl-cvs/99477#99477","source":"secalert@redhat.com","tags":["Exploit"]},{"url":"http://www.gossamer-threads.com/lists/modperl/modperl/99475#99475","source":"secalert@redhat.com","tags":["Exploit"]},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:091","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/archive/1/502709/100/0/threaded","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/34383","source":"secalert@redhat.com"},{"url":"http://www.securitytracker.com/id?1021988","source":"secalert@redhat.com"},{"url":"http://www.vupen.com/english/advisories/2009/0943","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=494402","source":"secalert@redhat.com"},{"url":"https://launchpad.net/bugs/cve/2009-0796","source":"secalert@redhat.com"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8488","source":"secalert@redhat.com"},{"url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/34597","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021709.1-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.apple.com/kb/HT4435","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?r1=177851&r2=761081&pathrev=761081&diff_format=h","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://svn.apache.org/viewvc?view=rev&revision=761081","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.gossamer-threads.com/lists/modperl/modperl-cvs/99477#99477","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.gossamer-threads.com/lists/modperl/modperl/99475#99475","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:091","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/502709/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/34383","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id?1021988","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2009/0943","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=494402","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://launchpad.net/bugs/cve/2009-0796","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8488","source":"af854a3a-2127-422b-91ae-364da2661108"}],"vendorComments":[{"organization":"Red Hat","comment":"Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0796\n\nThe Red Hat Security Response Team has rated this issue as having moderate security impact, a future mod_perl package update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/","lastModified":"2009-06-11T00:00:00"}]}}]}