Product: Solaris 8, Solaris 9, Solaris 10, OpenSolaris

A cross-site scripting (XSS) vulnerability in the Apache 1.3 HTTPserver "mod_perl" module's perl-status utility may allow anunprivileged remote user to inject arbitrary web script or HTML whileaccessing a crafted URL to perl-status utility. This can result invarious impacts including the theft of sensitive information such ascookie information, access to user credentials or the hijacking ofsessions.

Additional information regarding this issue is available at:

CVE-2009-0796 at http://cve.mitre.org/cgi-bin/cvename...=CVE-2009-0796


State: Workaround
First released: 15-Dec-2009
Sun Alert Link: http://sunsolve.sun.com/search/docum...=1-66-274110-1


More...