{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88187?format=json","vulnerability_id":"VCID-pbr8-a3hw-fyb7","summary":"Apache:: Status XSS flaw","aliases":[{"alias":"CVE-2009-0796"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926801?format=json","purl":"pkg:deb/debian/libapache2-mod-perl2@2.0.4-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-perl2@2.0.4-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1053924?format=json","purl":"pkg:deb/debian/libapache2-mod-perl2@2.0.4-7%2Bsqueeze1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vr7x-kn84-y3dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-perl2@2.0.4-7%252Bsqueeze1"},{"url":"http://public2.vulnerablecode.io/api/packages/926799?format=json","purl":"pkg:deb/debian/libapache2-mod-perl2@2.0.11-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-perl2@2.0.11-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926797?format=json","purl":"pkg:deb/debian/libapache2-mod-perl2@2.0.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-perl2@2.0.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926800?format=json","purl":"pkg:deb/debian/libapache2-mod-perl2@2.0.13-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-perl2@2.0.13-2%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1053921?format=json","purl":"pkg:deb/debian/libapache2-mod-perl2@1.999.21-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9zzc-scyf-ckdb"},{"vulnerability":"VCID-pbr8-a3hw-fyb7"},{"vulnerability":"VCID-vr7x-kn84-y3dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-perl2@1.999.21-1"},{"url":"http://public2.vulnerablecode.io/api/packages/1053922?format=json","purl":"pkg:deb/debian/libapache2-mod-perl2@2.0.2-2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9zzc-scyf-ckdb"},{"vulnerability":"VCID-pbr8-a3hw-fyb7"},{"vulnerability":"VCID-vr7x-kn84-y3dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-perl2@2.0.2-2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1053923?format=json","purl":"pkg:deb/debian/libapache2-mod-perl2@2.0.4-5%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pbr8-a3hw-fyb7"},{"vulnerability":"VCID-vr7x-kn84-y3dv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libapache2-mod-perl2@2.0.4-5%252Blenny1"}],"references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0796.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0796.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0796","reference_id":"","reference_type":"","scores":[{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98312","published_at":"2026-05-16T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98278","published_at":"2026-04-01T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.9828","published_at":"2026-04-02T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98283","published_at":"2026-04-04T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98284","published_at":"2026-04-07T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98288","published_at":"2026-04-08T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98293","published_at":"2026-04-13T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98299","published_at":"2026-04-21T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.983","published_at":"2026-04-18T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98302","published_at":"2026-04-29T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98304","published_at":"2026-04-26T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98306","published_at":"2026-05-07T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98309","published_at":"2026-05-11T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98311","published_at":"2026-05-12T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98313","published_at":"2026-05-14T12:55:00Z"},{"value":"0.60732","scoring_system":"epss","scoring_elements":"0.98314","published_at":"2026-05-15T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796"},{"reference_url":"http://secunia.com/advisories/34597","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/34597"},{"reference_url":"https://launchpad.net/bugs/cve/2009-0796","reference_id":"","reference_type":"","scores":[],"url":"https://launchpad.net/bugs/cve/2009-0796"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8488","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8488"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1","reference_id":"","reference_type":"","scores":[],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021709.1-1","reference_id":"","reference_type":"","scores":[],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021709.1-1"},{"reference_url":"http://support.apple.com/kb/HT4435","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT4435"},{"reference_url":"http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?r1=177851&r2=761081&pathrev=761081&diff_format=h","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc/perl/modperl/branches/1.x/lib/Apache/Status.pm?r1=177851&r2=761081&pathrev=761081&diff_format=h"},{"reference_url":"http://svn.apache.org/viewvc?view=rev&revision=761081","reference_id":"","reference_type":"","scores":[],"url":"http://svn.apache.org/viewvc?view=rev&revision=761081"},{"reference_url":"http://www.gossamer-threads.com/lists/modperl/modperl/99475#99475","reference_id":"","reference_type":"","scores":[],"url":"http://www.gossamer-threads.com/lists/modperl/modperl/99475#99475"},{"reference_url":"http://www.gossamer-threads.com/lists/modperl/modperl-cvs/99477#99477","reference_id":"","reference_type":"","scores":[],"url":"http://www.gossamer-threads.com/lists/modperl/modperl-cvs/99477#99477"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:091","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2009:091"},{"reference_url":"http://www.securityfocus.com/archive/1/502709/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/502709/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/bid/34383","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/34383"},{"reference_url":"http://www.securitytracker.com/id?1021988","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1021988"},{"reference_url":"http://www.vupen.com/english/advisories/2009/0943","reference_id":"","reference_type":"","scores":[],"url":"http://www.vupen.com/english/advisories/2009/0943"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=494402","reference_id":"494402","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=494402"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567635","reference_id":"567635","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567635"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:mod_perl:1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:mod_perl:1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:mod_perl:1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:mod_perl:2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:mod_perl:2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:mod_perl:2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0796","reference_id":"CVE-2009-0796","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0796"}],"weaknesses":[{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."}],"exploits":[{"date_added":"2009-11-08","description":"Apache mod_perl - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2009-11-09","exploit_type":"remote","platform":"multiple","source_date_updated":"2017-01-31","data_source":"Exploit-DB","source_url":"https://www.securityfocus.com/bid/34383/info"}],"severity_range_score":"2.6 - 2.6","exploitability":"2.0","weighted_severity":"2.3","risk_score":4.6,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbr8-a3hw-fyb7"}