Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 3.5
CVE Id CVE-2007-6421
Last Modified 07 Mar 2011 10:02:41
Published 08 Jan 2008 02:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-6421

Summary

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

Vulnerable Systems

Application

  • Apache Http Server 2.2

  • Apache Http Server 2.2.1

  • Apache Http Server 2.2.2

  • Apache Http Server 2.2.3

  • Apache Http Server 2.2.4

  • Apache Http Server 2.2.5

  • Apache Http Server 2.2.6


References

XF - apache-modproxybalancer-xss(39474)

VUPEN - ADV-2008-0924

VUPEN - ADV-2008-0048

UBUNTU - USN-575-1

BID - 27236

BUGTRAQ - 20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability

REDHAT - RHSA-2008:0008

MANDRIVA - MDVSA-2008:016

SECUNIA - 28749

SECUNIA - 28526

CONFIRM - http://httpd.apache.org/security/vulnerabilities_22.html

FEDORA - FEDORA-2008-1695

FEDORA - FEDORA-2008-1711

REDHAT - RHSA-2008:0009

SREASON - 3523

SECUNIA - 29640

SECUNIA - 29420

SECUNIA - 28977

SUSE - SUSE-SA:2008:021

APPLE - APPLE-SA-2008-03-18

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)


Last Updated: 27 May 2016 10:46:30