CVE-2007-6203
Date: created 2007-12-03, modified 2024-02-22


Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
References:
SECTRACK-1019030
http://www.securityfocus.com/archive/1/484410/100/0/threaded
BID-26663
SECUNIA-27906
SECUNIA-28196
SECUNIA-29348
SECUNIA-29420
SECUNIA-29640
SECUNIA-30356
SECUNIA-30732
SECUNIA-33105
SREASON-3411
SECUNIA-34219
ADV-2007-4060
ADV-2007-4301
ADV-2008-0924
ADV-2008-1623
ADV-2008-1875
APPLE-SA-2008-03-18
GLSA-200803-19
HPSBUX02465
HPSBUX02612
PK57952
PK65782
SUSE-SA:2008:021
USN-731-1
apache-413error-xss(38800)
http://docs.info.apple.com/article.html?artnum=307562
http://procheckup.com/Vulnerability_PR07-37.php
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html
oval:org.mitre.oval:def:12166

CPE (25 entries)
cpe:/a:apache:http_server:2.0.47
cpe:/a:apache:http_server:2.0.46
cpe:/a:apache:http_server:2.0.49
cpe:/a:apache:http_server:2.0.48
...
CWE (1 entry)
CWE-79
OVAL (1 entry)
oval:org.secpod.oval:def:700374

© SecPod Technologies