ubuntucve | Ubuntu.com | UB:CVE-2007-4465
History: Sep 14, 2007 - 12:00 a.m.

CVE-2007-4465

2007-09-14 00:00:00
ubuntu.com

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.015
Percentile: 87.3%

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache
HTTP Server before 2.2.6, when the charset on a server-generated page is
not defined, allows remote attackers to inject arbitrary web script or HTML
via the P parameter using the UTF-7 charset. NOTE: it could be argued that
this issue is due to a design limitation of browsers that attempt to
perform automatic content type detection.

Notes

Author: jdstrand
Note: redhat has patch for all of their releases now

OS      Version  Architecture  Package  Package Version       Filename
ubuntu  6.06     noarch        apache2  < 2.0.55-4ubuntu2.3   UNKNOWN
ubuntu  6.10     noarch        apache2  < 2.0.55-4ubuntu4.2   UNKNOWN
ubuntu  7.04     noarch        apache2  < 2.2.3-3.2ubuntu2.1  UNKNOWN
ubuntu  7.10     noarch        apache2  < 2.2.4-3ubuntu0.1    UNKNOWN
