Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2007-6203
Last Modified 18 Jul 2011 10:08:12
Published 03 Dec 2007 05:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6203

Summary

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

Vulnerable Systems

Application

  • Apache Http Server 2.0.46
  • Apache Http Server 2.0.47
  • Apache Http Server 2.0.48
  • Apache Http Server 2.0.49
  • Apache Http Server 2.0.50
  • Apache Http Server 2.0.51
  • Apache Http Server 2.0.52
  • Apache Http Server 2.0.53
  • Apache Http Server 2.0.54
  • Apache Http Server 2.0.55
  • Apache Http Server 2.0.57
  • Apache Http Server 2.0.58
  • Apache Http Server 2.0.59
  • Apache Http Server 2.1.1
  • Apache Http Server 2.1.2
  • Apache Http Server 2.1.3
  • Apache Http Server 2.1.4
  • Apache Http Server 2.1.5
  • Apache Http Server 2.1.6
  • Apache Http Server 2.1.7
  • Apache Http Server 2.1.8
  • Apache Http Server 2.2.0
  • Apache Http Server 2.2.2
  • Apache Http Server 2.2.3
  • Apache Http Server 2.2.4

References

XF - apache-413error-xss(38800)
VUPEN - ADV-2008-1875
VUPEN - ADV-2008-1623
VUPEN - ADV-2008-0924
VUPEN - ADV-2007-4301
VUPEN - ADV-2007-4060
UBUNTU - USN-731-1
SECTRACK - 1019030
BID - 26663
BUGTRAQ - 20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method
CONFIRM - http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html
AIXAPAR - PK65782
AIXAPAR - PK57952
SREASON - 3411
GENTOO - GLSA-200803-19
SECUNIA - 34219
SECUNIA - 33105
SECUNIA - 30732
SECUNIA - 30356
SECUNIA - 29640
SECUNIA - 29420
SECUNIA - 29348
SECUNIA - 28196
SECUNIA - 27906
MISC - http://procheckup.com/Vulnerability_PR07-37.php
HP - SSRT100345
HP - SSRT090192
SUSE - SUSE-SA:2008:021
APPLE - APPLE-SA-2008-03-18
CONFIRM - http://docs.info.apple.com/article.html?artnum=307562
HP - HPSBUX02612
HP - HPSBUX02465

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)
Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)
Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)


Last Updated: 27 May 2016 10:49:56