CVE-2007-4465
Date: (C)2007-09-13   (M)2024-01-26


Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1019194
http://www.securityfocus.com/archive/1/479237/100/0/threaded
BID-25653
SECUNIA-26842
SECUNIA-26952
SECUNIA-27563
SECUNIA-27732
SECUNIA-28467
SECUNIA-28471
SECUNIA-28607
SECUNIA-28749
SECUNIA-30430
SREASON-3113
SECUNIA-31651
SECUNIA-33105
SECUNIA-35650
ADV-2008-1697
APPLE-SA-2008-05-28
FEDORA-2007-2214
FEDORA-2007-707
GLSA-200711-06
HPSBUX02365
HPSBUX02465
MDVSA-2008:014
RHSA-2007:0911
RHSA-2008:0004
RHSA-2008:0005
RHSA-2008:0006
RHSA-2008:0008
RHSA-2008:0261
SSRT090085
SUSE-SA:2007:061
TA08-150A
USN-575-1
apache-utf7-xss(36586)
http://bugs.gentoo.org/show_bug.cgi?id=186219
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
http://www.apache.org/dist/httpd/CHANGES_2.2.6
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html
oval:org.mitre.oval:def:10929
oval:org.mitre.oval:def:6089

CWE:
CWE-79

© SecPod Technologies