CVE-2007-6203 in HTTP Serverinfo

Summary

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

12/03/2007

Disclosure

12/03/2007

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
3489Apache HTTP Server HTTP Header cross site scripting79HighOfficial fixCVE-2007-6203

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!