4.3

CVE-2007-6203

Exploit
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version2.0.46
ApacheHTTP Server Version2.0.47
ApacheHTTP Server Version2.0.48
ApacheHTTP Server Version2.0.49
ApacheHTTP Server Version2.0.50
ApacheHTTP Server Version2.0.51
ApacheHTTP Server Version2.0.52
ApacheHTTP Server Version2.0.53
ApacheHTTP Server Version2.0.54
ApacheHTTP Server Version2.0.55
ApacheHTTP Server Version2.0.57
ApacheHTTP Server Version2.0.58
ApacheHTTP Server Version2.0.59
ApacheHTTP Server Version2.1.1
ApacheHTTP Server Version2.1.2
ApacheHTTP Server Version2.1.3
ApacheHTTP Server Version2.1.4
ApacheHTTP Server Version2.1.5
ApacheHTTP Server Version2.1.6
ApacheHTTP Server Version2.1.7
ApacheHTTP Server Version2.1.8
ApacheHTTP Server Version2.2.0
ApacheHTTP Server Version2.2.2
ApacheHTTP Server Version2.2.3
ApacheHTTP Server Version2.2.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 80.75% 0.996
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.vupen.com/english/advisories/2008/0924/references
http://secunia.com/advisories/29420
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://secunia.com/advisories/29640
Vendor Advisory
http://secunia.com/advisories/33105
Vendor Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html
http://procheckup.com/Vulnerability_PR07-37.php
Exploit
http://secunia.com/advisories/27906
Vendor Advisory
http://secunia.com/advisories/28196
Vendor Advisory
http://secunia.com/advisories/29348
Vendor Advisory
http://secunia.com/advisories/30356
Vendor Advisory
http://secunia.com/advisories/30732
Vendor Advisory
http://secunia.com/advisories/34219
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200803-19.xml
http://securityreason.com/securityalert/3411
http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952
http://www-1.ibm.com/support/docview.wss?uid=swg24019245
http://www.securityfocus.com/archive/1/484410/100/0/threaded
http://www.securityfocus.com/bid/26663
Exploit
http://www.securitytracker.com/id?1019030
http://www.ubuntu.com/usn/USN-731-1
http://www.vupen.com/english/advisories/2007/4060
http://www.vupen.com/english/advisories/2007/4301
http://www.vupen.com/english/advisories/2008/1623/references
http://www.vupen.com/english/advisories/2008/1875/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/38800
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166