Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2007-6203
HistoryDec 03, 2007 - 12:00 a.m.

CVE-2007-6203

2007-12-0300:00:00
ubuntu.com
ubuntu.com
8

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.972 High

EPSS

Percentile

99.8%

JSON

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method
specifier header from an HTTP request when it is reflected back in a “413
Request Entity Too Large” error message, which might allow cross-site
scripting (XSS) style attacks using web client components that can send
arbitrary headers in requests, as demonstrated via an HTTP request
containing an invalid Content-length value, a similar issue to
CVE-2006-3918.

Notes

Author Note
jdstrand seems a very hard bug to exploit, if at all. See: http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952
mdeslaur test available: http://www.securityfocus.com/archive/1/archive/1/484410/100/0/threaded
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchapache2< 2.0.55-4ubuntu2.4UNKNOWN
ubuntu7.10noarchapache2< 2.2.4-3ubuntu0.2UNKNOWN

Related

prion 2
cve 3
debiancve 2
checkpoint_advisories 2
nessus 23
f5 2
ubuntucve 1
httpd 1
oraclelinux 1
redhat 2
centos 3
packetstorm 2
suse 2
openvas 19
exploitpack 1
debian 1
exploitdb 1
osv 1
seebug 1
gentoo 1
ubuntu 2
prion
prion
Cross site scripting
2007-12-03 22:46:00
Cross site scripting
2007-11-14 01:46:00
cve
cve
CVE-2007-6203
2007-12-03 22:46:00
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-5944
2007-11-14 01:46:00
debiancve
debiancve
CVE-2007-6203
2007-12-03 22:46:00
CVE-2006-3918
2006-07-28 00:04:00
checkpoint_advisories
checkpoint_advisories
Preemptive Protection against Apache HTTP Server 413 Error Page Cross-Site Scripting Vulnerability
2007-12-04 00:00:00
Apache HTTP Server Header Injection Cross-Site Scripting (CVE-2006-3918)
2014-03-17 00:00:00
nessus
nessus
RHEL 3 / 4 : httpd (RHSA-2006:0619)
2006-08-14 00:00:00
CentOS 3 / 4 : httpd (CESA-2006:0619)
2006-08-14 00:00:00
F5 Networks BIG-IP : Apache HTTP Expect header handling (SOL6669)
2014-10-10 00:00:00
f5
f5
K6669 : Apache HTTP Expect header handling
2013-03-19 00:00:00
SOL6669 - Apache HTTP Expect header handling
2007-05-16 00:00:00
ubuntucve
ubuntucve
CVE-2006-3918
2006-07-27 00:00:00
httpd
httpd
Apache Httpd < 1.3.35 : Expect header Cross-Site Scripting
2006-05-01 00:00:00
oraclelinux
oraclelinux
Moderate httpd security update
2006-11-30 00:00:00
redhat
redhat
(RHSA-2006:0619) httpd security update
2006-08-10 00:00:00
(RHSA-2006:0618) apache security update
2006-08-08 00:00:00
centos
centos
httpd, mod_ssl security update
2006-08-10 22:42:31
apache security update
2006-08-08 23:33:33
httpd, mod_ssl security update
2006-08-24 16:29:11
packetstorm
packetstorm
ProCheckUp Security Advisory 2007.37
2007-12-02 00:00:00
Oracle HTTP Server Header Cross Site Scripting
2011-06-14 00:00:00
suse
suse
cross site scripting in apache2,apache
2008-04-04 16:29:16
cryptographic problems in apache2
2006-09-08 14:34:17
openvas
openvas
SuSE Update for apache2,apache SUSE-SA:2008:021
2009-01-23 00:00:00
Debian Security Advisory DSA 1167-1 (apache)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1167-1)
2008-01-17 00:00:00
exploitpack
exploitpack
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
debian
debian
[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities
2006-09-04 15:08:06
exploitdb
exploitdb
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
osv
osv
apache - missing input sanitising
2006-09-04 00:00:00
seebug
seebug
Oracle HTTP Server - XSS Header Injection
2014-07-01 00:00:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2008-03-11 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2009-03-10 00:00:00
Apache vulnerabilities
2008-02-04 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.972 High

EPSS

Percentile

99.8%

JSON
Related for UB:CVE-2007-6203
prion2cve3debiancve2checkpoint_advisories2nessus23f52ubuntucve1httpd1oraclelinux1redhat2centos3packetstorm2suse2openvas19exploitpack1debian1exploitdb1osv1seebug1gentoo1ubuntu2