Vulnerability-Lookup

CVE-2007-6203 (GCVE-0-2007-6203)

Vulnerability from cvelistv5 – Published: 2007-12-04 03:00 – Updated: 2024-08-07 15:54

Summary

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www-1.ibm.com/support/docview.wss?uid=swg1…	vendor-advisoryx_refsource_AIXAPAR
	http://security.gentoo.org/glsa/glsa-200803-19.xml	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/26663	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/34219	third-party-advisoryx_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/27906	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/1623…	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2008/0924…	vdb-entryx_refsource_VUPEN
	http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisoryx_refsource_HP
	http://securityreason.com/securityalert/3411	third-party-advisoryx_refsource_SREASON
	http://www.vupen.com/english/advisories/2007/4301	vdb-entryx_refsource_VUPEN
	http://www.ubuntu.com/usn/USN-731-1	vendor-advisoryx_refsource_UBUNTU
	http://marc.info/?l=bugtraq&m=129190899612998&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/29420	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/4060	vdb-entryx_refsource_VUPEN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/33105	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1019030	vdb-entryx_refsource_SECTRACK
	http://www-1.ibm.com/support/docview.wss?uid=swg2…	vendor-advisoryx_refsource_AIXAPAR
	http://www.securityfocus.com/archive/1/484410/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/29348	third-party-advisoryx_refsource_SECUNIA
	http://www.fujitsu.com/global/support/software/se…	x_refsource_CONFIRM
	http://secunia.com/advisories/28196	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/30356	third-party-advisoryx_refsource_SECUNIA
	http://docs.info.apple.com/article.html?artnum=307562	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=129190899612998&w=2	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/29640	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2008/1875…	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/30732	third-party-advisoryx_refsource_SECUNIA
	http://procheckup.com/Vulnerability_PR07-37.php	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:27.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "PK57952",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
          },
          {
            "name": "GLSA-200803-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
          },
          {
            "name": "26663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26663"
          },
          {
            "name": "oval:org.mitre.oval:def:12166",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
          },
          {
            "name": "34219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34219"
          },
          {
            "name": "HPSBUX02465",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "27906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27906"
          },
          {
            "name": "ADV-2008-1623",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1623/references"
          },
          {
            "name": "ADV-2008-0924",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "SSRT090192",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "3411",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3411"
          },
          {
            "name": "ADV-2007-4301",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4301"
          },
          {
            "name": "USN-731-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-731-1"
          },
          {
            "name": "HPSBUX02612",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
          },
          {
            "name": "29420",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "ADV-2007-4060",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4060"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "33105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33105"
          },
          {
            "name": "1019030",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019030"
          },
          {
            "name": "PK65782",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
          },
          {
            "name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
          },
          {
            "name": "29348",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
          },
          {
            "name": "28196",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28196"
          },
          {
            "name": "SUSE-SA:2008:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
          },
          {
            "name": "30356",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30356"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "SSRT100345",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
          },
          {
            "name": "29640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29640"
          },
          {
            "name": "apache-413error-xss(38800)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
          },
          {
            "name": "ADV-2008-1875",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1875/references"
          },
          {
            "name": "30732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30732"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://procheckup.com/Vulnerability_PR07-37.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-30T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "PK57952",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
        },
        {
          "name": "GLSA-200803-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
        },
        {
          "name": "26663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26663"
        },
        {
          "name": "oval:org.mitre.oval:def:12166",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
        },
        {
          "name": "34219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34219"
        },
        {
          "name": "HPSBUX02465",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "27906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27906"
        },
        {
          "name": "ADV-2008-1623",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1623/references"
        },
        {
          "name": "ADV-2008-0924",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0924/references"
        },
        {
          "name": "SSRT090192",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "3411",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3411"
        },
        {
          "name": "ADV-2007-4301",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4301"
        },
        {
          "name": "USN-731-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-731-1"
        },
        {
          "name": "HPSBUX02612",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
        },
        {
          "name": "29420",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29420"
        },
        {
          "name": "ADV-2007-4060",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4060"
        },
        {
          "name": "APPLE-SA-2008-03-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
        },
        {
          "name": "33105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33105"
        },
        {
          "name": "1019030",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019030"
        },
        {
          "name": "PK65782",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
        },
        {
          "name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
        },
        {
          "name": "29348",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
        },
        {
          "name": "28196",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28196"
        },
        {
          "name": "SUSE-SA:2008:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
        },
        {
          "name": "30356",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30356"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307562"
        },
        {
          "name": "SSRT100345",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
        },
        {
          "name": "29640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29640"
        },
        {
          "name": "apache-413error-xss(38800)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
        },
        {
          "name": "ADV-2008-1875",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1875/references"
        },
        {
          "name": "30732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30732"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://procheckup.com/Vulnerability_PR07-37.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6203",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "PK57952",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
            },
            {
              "name": "GLSA-200803-19",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
            },
            {
              "name": "26663",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26663"
            },
            {
              "name": "oval:org.mitre.oval:def:12166",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
            },
            {
              "name": "34219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34219"
            },
            {
              "name": "HPSBUX02465",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "27906",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27906"
            },
            {
              "name": "ADV-2008-1623",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1623/references"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "SSRT090192",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "3411",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3411"
            },
            {
              "name": "ADV-2007-4301",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4301"
            },
            {
              "name": "USN-731-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-731-1"
            },
            {
              "name": "HPSBUX02612",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "ADV-2007-4060",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4060"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "33105",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33105"
            },
            {
              "name": "1019030",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019030"
            },
            {
              "name": "PK65782",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
            },
            {
              "name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
            },
            {
              "name": "29348",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29348"
            },
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html",
              "refsource": "CONFIRM",
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
            },
            {
              "name": "28196",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28196"
            },
            {
              "name": "SUSE-SA:2008:021",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
            },
            {
              "name": "30356",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30356"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "SSRT100345",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
            },
            {
              "name": "29640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29640"
            },
            {
              "name": "apache-413error-xss(38800)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
            },
            {
              "name": "ADV-2008-1875",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1875/references"
            },
            {
              "name": "30732",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30732"
            },
            {
              "name": "http://procheckup.com/Vulnerability_PR07-37.php",
              "refsource": "MISC",
              "url": "http://procheckup.com/Vulnerability_PR07-37.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6203",
    "datePublished": "2007-12-04T03:00:00.000Z",
    "dateReserved": "2007-12-03T05:00:00.000Z",
    "dateUpdated": "2024-08-07T15:54:27.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-148

Vulnerability from certfr_avis - Published: 2008-03-19 - Updated: 2008-03-19

None

Description

De multiples vulnérabilités ont été découvertes dans le système d'exploitation Apple Mac OS X. L'exploitation de ces vulnérabilités permet à un individu malveillant diverses actions dont exécuter du code arbitaire à distance, effectuer un déni de service, contourner la politique de sécurité, élever ses privilèges et effectuer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité Apple 307562 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac Os X version 10.4.11 et antérieures ;
	Apple	N/A	Apple Mac Os X version 10.5.2 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 307562 du 18 mars 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac Os X version 10.4.11 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac Os X version 10.5.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s\npermet \u00e0 un individu malveillant diverses actions dont ex\u00e9cuter du code\narbitaire \u00e0 distance, effectuer un d\u00e9ni de service, contourner la\npolitique de s\u00e9curit\u00e9, \u00e9lever ses privil\u00e8ges et effectuer une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple 307562 pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
    },
    {
      "name": "CVE-2008-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0060"
    },
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2007-6109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6109"
    },
    {
      "name": "CVE-2007-1661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1661"
    },
    {
      "name": "CVE-2008-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0882"
    },
    {
      "name": "CVE-2007-6336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6336"
    },
    {
      "name": "CVE-2007-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2799"
    },
    {
      "name": "CVE-2006-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2008-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1089"
    },
    {
      "name": "CVE-2008-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
    },
    {
      "name": "CVE-2007-4768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4768"
    },
    {
      "name": "CVE-2008-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0059"
    },
    {
      "name": "CVE-2008-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1000"
    },
    {
      "name": "CVE-2007-1660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1660"
    },
    {
      "name": "CVE-2007-4568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4568"
    },
    {
      "name": "CVE-2007-3378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3378"
    },
    {
      "name": "CVE-2008-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0052"
    },
    {
      "name": "CVE-2008-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0990"
    },
    {
      "name": "CVE-2008-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0995"
    },
    {
      "name": "CVE-2007-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0898"
    },
    {
      "name": "CVE-2007-5266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5266"
    },
    {
      "name": "CVE-2008-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0055"
    },
    {
      "name": "CVE-2007-1997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1997"
    },
    {
      "name": "CVE-2007-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1659"
    },
    {
      "name": "CVE-2007-6337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6337"
    },
    {
      "name": "CVE-2008-0044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0044"
    },
    {
      "name": "CVE-2008-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0045"
    },
    {
      "name": "CVE-2007-5971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5971"
    },
    {
      "name": "CVE-2008-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0046"
    },
    {
      "name": "CVE-2008-0047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0047"
    },
    {
      "name": "CVE-2007-6335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6335"
    },
    {
      "name": "CVE-2007-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
    },
    {
      "name": "CVE-2007-3725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3725"
    },
    {
      "name": "CVE-2008-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0054"
    },
    {
      "name": "CVE-2008-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0996"
    },
    {
      "name": "CVE-2007-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
    },
    {
      "name": "CVE-2007-6203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6203"
    },
    {
      "name": "CVE-2008-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0051"
    },
    {
      "name": "CVE-2007-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3799"
    },
    {
      "name": "CVE-2008-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0048"
    },
    {
      "name": "CVE-2007-1662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1662"
    },
    {
      "name": "CVE-2006-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3334"
    },
    {
      "name": "CVE-2008-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0998"
    },
    {
      "name": "CVE-2007-0897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0897"
    },
    {
      "name": "CVE-2008-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0318"
    },
    {
      "name": "CVE-2007-6429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6429"
    },
    {
      "name": "CVE-2007-4510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4510"
    },
    {
      "name": "CVE-2007-5269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
    },
    {
      "name": "CVE-2007-5795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5795"
    },
    {
      "name": "CVE-2008-0006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0006"
    },
    {
      "name": "CVE-2008-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
    },
    {
      "name": "CVE-2008-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0728"
    },
    {
      "name": "CVE-2007-2445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2445"
    },
    {
      "name": "CVE-2008-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0049"
    },
    {
      "name": "CVE-2007-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1745"
    },
    {
      "name": "CVE-2007-6427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6427"
    },
    {
      "name": "CVE-2008-0987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0987"
    },
    {
      "name": "CVE-2008-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0993"
    },
    {
      "name": "CVE-2008-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0988"
    },
    {
      "name": "CVE-2008-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0056"
    },
    {
      "name": "CVE-2008-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0992"
    },
    {
      "name": "CVE-2006-5793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5793"
    },
    {
      "name": "CVE-2007-6428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6428"
    },
    {
      "name": "CVE-2008-0989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0989"
    },
    {
      "name": "CVE-2005-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
    },
    {
      "name": "CVE-2008-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0053"
    },
    {
      "name": "CVE-2007-4767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4767"
    },
    {
      "name": "CVE-2008-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0050"
    },
    {
      "name": "CVE-2007-5958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5958"
    },
    {
      "name": "CVE-2006-6481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6481"
    },
    {
      "name": "CVE-2008-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0994"
    },
    {
      "name": "CVE-2007-6421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6421"
    },
    {
      "name": "CVE-2008-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0058"
    },
    {
      "name": "CVE-2007-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4752"
    },
    {
      "name": "CVE-2008-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0999"
    },
    {
      "name": "CVE-2007-4560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4560"
    },
    {
      "name": "CVE-2007-4990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4990"
    },
    {
      "name": "CVE-2007-4766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4766"
    },
    {
      "name": "CVE-2007-6388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
    },
    {
      "name": "CVE-2008-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0596"
    },
    {
      "name": "CVE-2007-4887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4887"
    }
  ],
  "initial_release_date": "2008-03-19T00:00:00",
  "last_revision_date": "2008-03-19T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-148",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307562 du 18 mars 2008",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    }
  ]
}

CERTA-2007-AVI-560

Vulnerability from certfr_avis - Published: 2007-12-24 - Updated: 2007-12-24

Deux vulnérabilités dans IBM HTTP Server permettent à un utilisateur malintentionné de réaliser de l'injection de code indirecte.

Description

Une première vulnérabilité est présente dans le module mod_imap. Un défaut de filtrage des données entrées permet à un utilisateur malintentionné de réaliser de l'injection de code indirecte.

Une deuxième vulnérabilité est présente dans le traitement de certaines erreurs HTTP (code HTTP 4xx). Un défaut de filtrage des données entrées permet à un utilisateur malintentionné de réaliser de l'injection de code indirecte.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM HTTP Server.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

CVE-2007-5000	None	vendor-advisory
CVE-2007-6203	None	vendor-advisory
Bulletin de sécurité IBM swg1PK58024 du 20 décembre 2007 :	-	other
Bulletin de sécurité IBM swg1PK57952 du 20 décembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eIBM HTTP Server.\u003c/p\u003e",
  "content": "## Description\n\nUne premi\u00e8re vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans le module mod_imap. Un\nd\u00e9faut de filtrage des donn\u00e9es entr\u00e9es permet \u00e0 un utilisateur\nmalintentionn\u00e9 de r\u00e9aliser de l\u0027injection de code indirecte.\n\nUne deuxi\u00e8me vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans le traitement de certaines\nerreurs HTTP (code HTTP 4xx). Un d\u00e9faut de filtrage des donn\u00e9es entr\u00e9es\npermet \u00e0 un utilisateur malintentionn\u00e9 de r\u00e9aliser de l\u0027injection de\ncode indirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2007-6203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6203"
    }
  ],
  "initial_release_date": "2007-12-24T00:00:00",
  "last_revision_date": "2007-12-24T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg1PK58024 du 20 d\u00e9cembre 2007 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK58024"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg1PK57952 du 20 d\u00e9cembre 2007 :",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
    }
  ],
  "reference": "CERTA-2007-AVI-560",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-12-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte (cross site scripting)"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans IBM HTTP Server permettent \u00e0 un utilisateur\nmalintentionn\u00e9 de r\u00e9aliser de l\u0027injection de code indirecte.\n",
  "title": "Vuln\u00e9rabilit\u00e9s de serveur HTTP d\u0027IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "published_at": null,
      "title": "CVE-2007-6203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6203"
    }
  ]
}

GHSA-G7XR-J224-9V5W

Vulnerability from github – Published: 2022-05-01 18:40 – Updated: 2022-05-01 18:40

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6203"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-03T22:46:00Z",
    "severity": "MODERATE"
  },
  "details": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.",
  "id": "GHSA-g7xr-j224-9v5w",
  "modified": "2022-05-01T18:40:42Z",
  "published": "2022-05-01T18:40:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6203"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://procheckup.com/Vulnerability_PR07-37.php"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27906"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28196"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29348"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29640"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30356"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30732"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33105"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34219"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3411"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
    },
    {
      "type": "WEB",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
    },
    {
      "type": "WEB",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26663"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019030"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-731-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4060"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4301"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1623/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1875/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-6203

Vulnerability from fkie_nvd - Published: 2007-12-03 22:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307562
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
cve@mitre.org	http://marc.info/?l=bugtraq&m=125631037611762&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=129190899612998&w=2
cve@mitre.org	http://procheckup.com/Vulnerability_PR07-37.php	Exploit
cve@mitre.org	http://secunia.com/advisories/27906	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/28196	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29348	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29420	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/29640	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30356	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30732	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33105	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/34219	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200803-19.xml
cve@mitre.org	http://securityreason.com/securityalert/3411
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952
cve@mitre.org	http://www-1.ibm.com/support/docview.wss?uid=swg24019245
cve@mitre.org	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html
cve@mitre.org	http://www.securityfocus.com/archive/1/484410/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26663	Exploit
cve@mitre.org	http://www.securitytracker.com/id?1019030
cve@mitre.org	http://www.ubuntu.com/usn/USN-731-1
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4060
cve@mitre.org	http://www.vupen.com/english/advisories/2007/4301
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0924/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1623/references
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1875/references
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38800
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307562
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=125631037611762&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=129190899612998&w=2
af854a3a-2127-422b-91ae-364da2661108	http://procheckup.com/Vulnerability_PR07-37.php	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27906	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28196	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29348	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29420	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29640	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30356	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30732	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33105	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34219	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200803-19.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3411
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952
af854a3a-2127-422b-91ae-364da2661108	http://www-1.ibm.com/support/docview.wss?uid=swg24019245
af854a3a-2127-422b-91ae-364da2661108	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/484410/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26663	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019030
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-731-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4060
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4301
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0924/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1623/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1875/references
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38800
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166

Impacted products

Vendor	Product	Version
apache	http_server	2.0.46
apache	http_server	2.0.47
apache	http_server	2.0.48
apache	http_server	2.0.49
apache	http_server	2.0.50
apache	http_server	2.0.51
apache	http_server	2.0.52
apache	http_server	2.0.53
apache	http_server	2.0.54
apache	http_server	2.0.55
apache	http_server	2.0.57
apache	http_server	2.0.58
apache	http_server	2.0.59
apache	http_server	2.1.1
apache	http_server	2.1.2
apache	http_server	2.1.3
apache	http_server	2.1.4
apache	http_server	2.1.5
apache	http_server	2.1.6
apache	http_server	2.1.7
apache	http_server	2.1.8
apache	http_server	2.2.0
apache	http_server	2.2.2
apache	http_server	2.2.3
apache	http_server	2.2.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0FDE3D-1509-4375-8703-0D174D70B22E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFE732B5-00C9-4443-97E0-1DF21475C26B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79C41D3-6894-4F2D-B8F8-82AB4780A824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "449A5647-CEA6-4314-9DB8-D086F388E1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A407B7-F432-48F0-916A-A49952F85CA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B5AC769-D07D-43C7-B252-A5A812E7D58C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADF4DBF6-DAF0-47E7-863B-C48DB7149A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F19D71-0A58-4B03-B351-596EB67ECF80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB3FF9-CF5A-4E7B-ACE3-A198343AD485",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "D721FFB5-D6D3-4F60-8B09-B3AD07EE6D4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF37A82-49B6-45D4-B91D-FDA2D4463A0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "030D1767-2DF7-48E3-B462-4B49CA751B35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "5236DC61-5557-4C24-8F5B-F48548448588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D72E88F0-AB0F-4B6F-AE86-71B0DE84BD75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "840FF871-79EC-472C-91BD-9E9AFC36B408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "191E8654-5338-4051-A1D5-EE491D594F13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B26CC819-7315-456F-9F95-2A64FCE6AC26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3774827-AB0B-4A95-844B-9BC904A9FE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "18D07925-542B-4369-AA21-5587703E12E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACC83EB5-4E9A-4EA9-8D9F-BDBF5F60C54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "80632488-5C7E-4C70-BB60-BC4756187670",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67AD11FB-529C-404E-A13B-284F145322B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918."
    },
    {
      "lang": "es",
      "value": "Apache HTTP Server 2.0.x y 2.2.x no sanea la cabecera de especificador de HTTP Method de una petici\u00f3n HTTP cuando es reflejada en un error \"413 Request Entity Too Large\", lo cual podr\u00eda permitir ataques tipo secuencias de comandos en sitios cruzados (XSS) utilizando componentes de clientes web que pueden enviar cabeceras de su elecci\u00f3n en peticiones, como se demuestra con una petici\u00f3n petici\u00f3n HTTP conteniendo un valor inv\u00e1lido de Content-length, asunto similar a CVE-2006-3918."
    }
  ],
  "id": "CVE-2007-6203",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-12-03T22:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://procheckup.com/Vulnerability_PR07-37.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27906"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28196"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29348"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29640"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30356"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30732"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33105"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34219"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3411"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/26663"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019030"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-731-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4060"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/4301"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1623/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1875/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://procheckup.com/Vulnerability_PR07-37.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/34219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/26663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-731-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1623/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1875/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "The Apache Software Foundation security team  does not consider this issue to be a security vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site.",
      "lastModified": "2008-06-09T00:00:00",
      "organization": "Apache"
    },
    {
      "comment": "Red Hat does not consider this issue to be a vulnerability.  In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site.",
      "lastModified": "2007-12-06T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-6203

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-6203

Aliases

CVE-2007-6203

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-6203",
    "description": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.",
    "id": "GSD-2007-6203",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-6203.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-6203"
      ],
      "details": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.",
      "id": "GSD-2007-6203",
      "modified": "2023-12-13T01:21:38.662949Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-6203",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "PK57952",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
          },
          {
            "name": "GLSA-200803-19",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
          },
          {
            "name": "26663",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26663"
          },
          {
            "name": "oval:org.mitre.oval:def:12166",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
          },
          {
            "name": "34219",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34219"
          },
          {
            "name": "HPSBUX02465",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "27906",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27906"
          },
          {
            "name": "ADV-2008-1623",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1623/references"
          },
          {
            "name": "ADV-2008-0924",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "SSRT090192",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "3411",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/3411"
          },
          {
            "name": "ADV-2007-4301",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4301"
          },
          {
            "name": "USN-731-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-731-1"
          },
          {
            "name": "HPSBUX02612",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
          },
          {
            "name": "29420",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "ADV-2007-4060",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/4060"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "33105",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33105"
          },
          {
            "name": "1019030",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019030"
          },
          {
            "name": "PK65782",
            "refsource": "AIXAPAR",
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
          },
          {
            "name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
          },
          {
            "name": "29348",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29348"
          },
          {
            "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html",
            "refsource": "CONFIRM",
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
          },
          {
            "name": "28196",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/28196"
          },
          {
            "name": "SUSE-SA:2008:021",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
          },
          {
            "name": "30356",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30356"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307562",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "SSRT100345",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
          },
          {
            "name": "29640",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29640"
          },
          {
            "name": "apache-413error-xss(38800)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
          },
          {
            "name": "ADV-2008-1875",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1875/references"
          },
          {
            "name": "30732",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30732"
          },
          {
            "name": "http://procheckup.com/Vulnerability_PR07-37.php",
            "refsource": "MISC",
            "url": "http://procheckup.com/Vulnerability_PR07-37.php"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6203"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://procheckup.com/Vulnerability_PR07-37.php",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://procheckup.com/Vulnerability_PR07-37.php"
            },
            {
              "name": "26663",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/26663"
            },
            {
              "name": "27906",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27906"
            },
            {
              "name": "1019030",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019030"
            },
            {
              "name": "PK57952",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
            },
            {
              "name": "28196",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/28196"
            },
            {
              "name": "GLSA-200803-19",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
            },
            {
              "name": "29348",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29348"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "3411",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/3411"
            },
            {
              "name": "SUSE-SA:2008:021",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
            },
            {
              "name": "29640",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29640"
            },
            {
              "name": "PK65782",
              "refsource": "AIXAPAR",
              "tags": [],
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
            },
            {
              "name": "30356",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30356"
            },
            {
              "name": "30732",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/30732"
            },
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
            },
            {
              "name": "33105",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/33105"
            },
            {
              "name": "USN-731-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-731-1"
            },
            {
              "name": "34219",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/34219"
            },
            {
              "name": "HPSBUX02465",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "HPSBUX02612",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
            },
            {
              "name": "ADV-2007-4301",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4301"
            },
            {
              "name": "ADV-2007-4060",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/4060"
            },
            {
              "name": "ADV-2008-1623",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1623/references"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "ADV-2008-1875",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1875/references"
            },
            {
              "name": "apache-413error-xss(38800)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
            },
            {
              "name": "oval:org.mitre.oval:def:12166",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
            },
            {
              "name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-15T21:50Z",
      "publishedDate": "2007-12-03T22:46Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-6203 (GCVE-0-2007-6203)

CERTA-2008-AVI-148

Description

Solution

CERTA-2007-AVI-560

Description

Solution

GHSA-G7XR-J224-9V5W

FKIE_CVE-2007-6203

GSD-2007-6203

Tags

Sightings

Nomenclature