CVE-2007-6203

Published: 03 Dec 2007
Source: ubuntu
Priority: low
EPSS: High
CVSS2: 4.3

Description

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

| Release | Status | Note |
|---|---|---|
| dapper | released | 2.0.55-4ubuntu2.4 |
| devel | not-affected | 2.2.6-3 |
| edgy | ignored | end of life, was needed |
| feisty | ignored | end of life, was needed |
| gutsy | released | 2.2.4-3ubuntu0.2 |
| hardy | not-affected | 2.2.6-3 |
| intrepid | not-affected | 2.2.6-3 |
| upstream | released | 2.2.6-3 |

EPSS: 0.74685 (High), percentile: 99%

CVSS2: 4.3 Medium

Related vulnerabilities

redhat
almost 18 years ago

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

nvd
almost 18 years ago

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

debian
almost 18 years ago

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method s ...

github
more than 3 years ago

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.