• info
• discussion
• exploit
• solution
• references

Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability

Solution:
The vendor has released a fix through the SVN repository. Please see the references for more information.


Mandriva Linux Mandrake 2008.0

• Mandriva apache-mod_perl-2.0.3-7.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva apache-mod_perl-devel-2.0.3-7.1mdv2008.0.i586.rpm
  http://www.mandriva.com/en/download/

Apple Mac OS X 10.6

• Apple MacOSXUpdCombo10.6.5.dmg
  For Mac OS X v10.6 - v10.6.3
  http://www.apple.com/support/downloads/

Mandriva Linux Mandrake 2009.0 x86_64

• Mandriva apache-mod_perl-2.0.4-2.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva apache-mod_perl-devel-2.0.4-2.1mdv2009.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2008.1 x86_64

• Mandriva apache-mod_perl-2.0.4-1.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva apache-mod_perl-devel-2.0.4-1.1mdv2008.1.x86_64.rpm
  http://www.mandriva.com/en/download/

Mandriva Linux Mandrake 2008.1

• Mandriva apache-mod_perl-2.0.4-1.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva apache-mod_perl-devel-2.0.4-1.1mdv2008.1.i586.rpm
  http://www.mandriva.com/en/download/

Sun Solaris 9_sparc

• Sun 113146-13
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113146-13-1

Mandriva Linux Mandrake 2009.0

• Mandriva apache-mod_perl-2.0.4-2.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva apache-mod_perl-devel-2.0.4-2.1mdv2009.0.i586.rpm
  http://www.mandriva.com/en/download/

Apple Mac OS X Server 10.6

• Apple MacOSXServUpdCombo10.6.5.dmg
  For Mac OS X Server v10.6 - v10.6.3
  http://www.apple.com/support/downloads/

Mandriva Linux Mandrake 2008.0 x86_64

• Mandriva apache-mod_perl-2.0.3-7.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva apache-mod_perl-devel-2.0.3-7.1mdv2008.0.x86_64.rpm
  http://www.mandriva.com/en/download/

Apple Mac OS X 10.5.8

• Apple SecUpd2010-007.dmg
  For Mac OS X v10.5.8
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.1

• Apple MacOSXUpdCombo10.6.5.dmg
  For Mac OS X v10.6 - v10.6.3
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.3

• Apple MacOSXUpdCombo10.6.5.dmg
  For Mac OS X v10.6 - v10.6.3
  http://www.apple.com/support/downloads/

Apple Mac OS X 10.6.4

• Apple MacOSXUpd10.6.5.dmg
  For Mac OS X v10.6.4
  http://www.apple.com/support/downloads/

Apple Mac OS X Server 10.6.4

• Apple MacOSXServerUpd10.6.5.dmg
  For Mac OS X Server v10.6.4
  http://www.apple.com/support/downloads/

MandrakeSoft Corporate Server 3.0

• Mandriva apache-mod_perl-1.3.29_1.29-3.3.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva apache2-mod_perl-2.0.48_1.99_11-3.2.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva apache2-mod_perl-devel-2.0.48_1.99_11-3.2.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva HTML-Embperl-1.3.29_1.3.6-3.3.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mod_perl-common-1.3.29_1.29-3.3.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/


• Mandriva mod_perl-devel-1.3.29_1.29-3.3.C30mdk.i586.rpm
  http://www.mandriva.com/en/download/

MandrakeSoft Corporate Server 4.0 x86_64

• Mandriva apache-mod_perl-2.0.2-8.2.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/


• Mandriva apache-mod_perl-devel-2.0.2-8.2.20060mlcs4.x86_64.rpm
  http://www.mandriva.com/en/download/