Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2007-4465
HistorySep 14, 2007 - 12:00 a.m.

CVE-2007-4465

2007-09-1400:00:00
ubuntu.com
ubuntu.com
9

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.6%

JSON

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache
HTTP Server before 2.2.6, when the charset on a server-generated page is
not defined, allows remote attackers to inject arbitrary web script or HTML
via the P parameter using the UTF-7 charset. NOTE: it could be argued that
this issue is due to a design limitation of browsers that attempt to
perform automatic content type detection.

Bugs

Notes

Author Note
jdstrand redhat has patch for all of there releases now
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchapache2< 2.0.55-4ubuntu2.3UNKNOWN
ubuntu6.10noarchapache2< 2.0.55-4ubuntu4.2UNKNOWN
ubuntu7.04noarchapache2< 2.2.3-3.2ubuntu2.1UNKNOWN
ubuntu7.10noarchapache2< 2.2.4-3ubuntu0.1UNKNOWN

Related

securityvulns 3
veracode 1
debiancve 1
prion 1
altlinux 3
cve 1
openvas 40
fedora 2
redhat 7
nessus 24
oraclelinux 3
centos 4
suse 1
gentoo 1
ubuntu 1
securityvulns
securityvulns
Apache crossite scripting
2007-09-13 00:00:00
Apache2 Undefined Charset UTF-7 XSS Vulnerability
2007-09-13 00:00:00
About the security content of Security Update 2008-003 / Mac OS X 10.5.3
2008-05-30 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:18:54
debiancve
debiancve
CVE-2007-4465
2007-09-14 00:17:00
prion
prion
Cross site scripting
2007-09-14 00:17:00
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.6-alt1
2007-09-14 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.6-alt1
2007-09-14 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.6-alt1
2007-09-14 00:00:00
cve
cve
CVE-2007-4465
2007-09-14 00:17:00
openvas
openvas
Fedora Update for httpd FEDORA-2007-707
2009-02-27 00:00:00
Mandriva Update for apache MDKSA-2007:235 (apache)
2009-04-09 00:00:00
Fedora Update for httpd FEDORA-2007-707
2009-02-27 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: httpd-2.2.6-1.fc6
2007-09-24 20:29:48
[SECURITY] Fedora 7 Update: httpd-2.2.6-1.fc7
2007-09-19 02:53:28
redhat
redhat
(RHSA-2007:0911) Moderate: httpd security update
2007-10-25 00:00:00
(RHSA-2008:0006) Moderate: httpd security update
2008-01-15 00:00:00
(RHSA-2008:0004) Moderate: apache security update
2008-01-15 00:00:00
nessus
nessus
Mandrake Linux Security Advisory : apache (MDKSA-2007:235)
2007-12-04 00:00:00
Fedora Core 6 : httpd-2.2.6-1.fc6 (2007-707)
2007-09-25 00:00:00
RHEL 2.1 : apache (RHSA-2008:0004)
2008-01-15 00:00:00
oraclelinux
oraclelinux
Moderate: httpd security update
2008-01-15 00:00:00
Moderate: httpd security update
2008-01-15 00:00:00
Moderate: httpd security update
2008-01-15 00:00:00
centos
centos
apache security update
2008-01-16 02:42:35
httpd, mod_ssl security update
2008-01-15 13:48:01
httpd, mod_ssl security update
2008-01-15 12:48:29
suse
suse
remote denial of service in apache2
2007-11-19 15:20:20
gentoo
gentoo
Apache: Multiple vulnerabilities
2007-11-07 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2008-02-04 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.017 Low

EPSS

Percentile

87.6%

JSON
Related for UB:CVE-2007-4465
securityvulns3veracode1debiancve1prion1altlinux3cve1openvas40fedora2redhat7nessus24oraclelinux3centos4suse1gentoo1ubuntu1