CVE-2007-6203 in Apache HTTP Serverinformation

Résumé (Anglaise)

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

Réserver

03/12/2007

Divulgation

03/12/2007

Entrées

VulDB provides additional information and datapoints for this CVE:

ID	Vulnérabilité	CWE	Exp	Con	CVE
3489	Apache HTTP Server HTTP Header cross site scripting	79	Élevé	Correctif officiel	CVE-2007-6203

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

◂ PrécédentAperçuSuivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!