[VIM] correct CVE for mod_perl Apache::Status XSS

Steven M. Christey coley at linus.mitre.org
Wed Apr 8 15:14:08 UTC 2009

On Mon, 6 Apr 2009, Stuart Moore wrote:

> Fred Moyer's e-mail message to the perl-advocacy mod_perl mailing list
> regarding the Apache::Status XSS bug mentioned CVE-2009-0796 in the
> subject line and CVE-2009-0795 in the body of the message.

We've rejected CVE-2009-0795, which had already been assigned to a
separate issue in rose_sendmsg/kernel, which has been reassigned to

- Steve

Name: CVE-2009-0795
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0795

** REJECT **

CVE-2009-1265.  Reason: this candidate was intended for one issue, but
a typo caused it to be associated with a different issue.  Notes: All
CVE users should consult CVE-2009-0796 and CVE-2009-1265 to determine
which ID is appropriate.  All references and descriptions in this
candidate have been removed to prevent accidental usage.

Name: CVE-2009-0796
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796
Reference: MLIST:[modperl-cvs] 20090401 svn commit: r761081 - in /perl/modperl/branches/1.x: Changes lib/Apache/Status.pm
Reference: URL:http://www.gossamer-threads.com/lists/modperl/modperl-cvs/99477#99477
Reference: MLIST:[modperl] 20090401 [SECURITY] [CVE-2009-0796] Vulnerability found in Apache::Status and Apache2::Status
Reference: URL:http://www.gossamer-threads.com/lists/modperl/modperl/99475#99475
Reference: MISC:https://launchpad.net/bugs/cve/2009-0796
Reference: CONFIRM:http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?r1=177851&r2=761081&pathrev=761081&diff_format=h
Reference: CONFIRM:http://svn.apache.org/viewvc?view=rev&revision=761081
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=494402

Cross-site scripting (XSS) vulnerability in Status.pm in
Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the
Apache HTTP Server, when /perl-status is accessible, allows remote
attackers to inject arbitrary web script or HTML via the URI.

Name: CVE-2009-1265
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1265
Reference: MISC:http://bugzilla.kernel.org/show_bug.cgi?id=10423
Reference: CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=83e0bbcbe2145f160fbaa109b0439dae7f4a38a9

Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux
kernel, and other versions before 2.6.30-rc1, might allow
remote attackers to obtain sensitive information via a large length
value, which causes "garbage" memory to be sent.

More information about the VIM mailing list