CVE-2024-40725 (GCVE-0-2024-40725)
Vulnerability from – Published: 2024-07-18 09:32 – Updated: 2025-03-14 17:27
VLAI?
Summary
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes this issue.
Severity ?
No CVSS data available.
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.60 , ≤ 2.4.61
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40725",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T17:21:48.954496Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T17:27:57.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-08T13:05:20.309Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240808-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.61",
"status": "affected",
"version": "2.4.60",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA partial fix for\u0026nbsp; CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.62, which fixes this issue.\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A partial fix for\u00a0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T09:32:43.929Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2024-07-09T09:00:00.000Z",
"value": "reported"
}
],
"title": "Apache HTTP Server: source code disclosure with handlers configured via AddType",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-40725",
"datePublished": "2024-07-18T09:32:43.929Z",
"dateReserved": "2024-07-09T13:41:31.514Z",
"dateUpdated": "2025-03-14T17:27:57.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39884 (GCVE-0-2024-39884)
Vulnerability from – Published: 2024-07-04 08:36 – Updated: 2025-02-13 17:53
VLAI?
Summary
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.61, which fixes this issue.
Severity ?
No CVSS data available.
CWE
- Handler configuration not honored
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.60
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T13:54:22.146289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T21:08:27.183Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T17:05:05.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240712-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/17/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "2.4.60"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.\u0026nbsp; \u0026nbsp;\"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.4.61, which fixes this issue."
}
],
"value": "A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers.\u00a0 \u00a0\"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.61, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Handler configuration not honored",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T20:05:57.052Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0002/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/17/6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2024-07-01T12:00:00.000Z",
"value": "reported"
}
],
"title": "Apache HTTP Server: source code disclosure with handlers configured via AddType",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-39884",
"datePublished": "2024-07-04T08:36:49.772Z",
"dateReserved": "2024-07-01T19:27:46.267Z",
"dateUpdated": "2025-02-13T17:53:19.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38473 (GCVE-0-2024-38473)
Vulnerability from – Published: 2024-07-01 18:14 – Updated: 2025-02-13 17:53
VLAI?
Summary
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.
Users are recommended to upgrade to version 2.4.60, which fixes this issue.
Severity ?
No CVSS data available.
CWE
- CWE-116 - Improper Encoding or Escaping of Output
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.0 , ≤ 2.4.59
(semver)
|
Credits
Orange Tsai (@orange_8361) from DEVCORE
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_http_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "apache_http_server",
"vendor": "apache_software_foundation",
"versions": [
{
"lessThanOrEqual": "2.4.59",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-24T13:55:35.300035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T14:02:38.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T17:04:54.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.59",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Orange Tsai (@orange_8361) from DEVCORE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.\u003cbr\u003eUsers are recommended to upgrade to version 2.4.60, which fixes this issue."
}
],
"value": "Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.\nUsers are recommended to upgrade to version 2.4.60, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:06:08.211Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2024-04-01T12:00:00.000Z",
"value": "reported"
}
],
"title": "Apache HTTP Server proxy encoding problem",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-38473",
"datePublished": "2024-07-01T18:14:21.520Z",
"dateReserved": "2024-06-17T11:05:01.135Z",
"dateUpdated": "2025-02-13T17:53:12.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-36387 (GCVE-0-2024-36387)
Vulnerability from – Published: 2024-07-01 18:10 – Updated: 2025-02-13 17:52
VLAI?
Summary
Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
Severity ?
No CVSS data available.
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.55 , ≤ 2.4.59
(semver)
|
Credits
Marc Stern (<marc.stern@approach-cyber.com>)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36387",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T16:22:03.472412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:28:29.258Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T17:04:49.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.59",
"status": "affected",
"version": "2.4.55",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Stern (\u003cmarc.stern@approach-cyber.com\u003e)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance."
}
],
"value": "Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:06:19.347Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2024-05-27T13:23:00.000Z",
"value": "fixed in r1918003 in trunk"
}
],
"title": "Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-36387",
"datePublished": "2024-07-01T18:10:25.512Z",
"dateReserved": "2024-05-27T11:13:32.415Z",
"dateUpdated": "2025-02-13T17:52:53.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43622 (GCVE-0-2023-43622)
Vulnerability from – Published: 2023-10-23 06:50 – Updated: 2025-02-13 17:13
VLAI?
Summary
An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern.
This has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.
This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.
Users are recommended to upgrade to version 2.4.58, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.55 , ≤ 2.4.57
(semver)
|
Credits
Prof. Sven Dietrich (City University of New York)
Isa Jafarov (City University of New York)
Prof. Heejo Lee (Korea University)
Choongin Lee (Korea University)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.773Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231027-0011/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43622",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T16:02:28.689513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T14:19:24.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.57",
"status": "affected",
"version": "2.4.55",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Prof. Sven Dietrich (City University of New York)"
},
{
"lang": "en",
"type": "finder",
"value": "Isa Jafarov (City University of New York)"
},
{
"lang": "en",
"type": "finder",
"value": "Prof. Heejo Lee (Korea University)"
},
{
"lang": "en",
"type": "finder",
"value": "Choongin Lee (Korea University)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\u003cbr\u003e\u003cp\u003eThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.58, which fixes the issue.\u003c/p\u003e"
}
],
"value": "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\n\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\n\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-27T14:06:25.665Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231027-0011/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2023-09-15T09:51:00.000Z",
"value": "reported"
}
],
"title": "Apache HTTP Server: DoS in HTTP/2 with initial windows size 0",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-43622",
"datePublished": "2023-10-23T06:50:51.555Z",
"dateReserved": "2023-09-20T07:45:21.299Z",
"dateUpdated": "2025-02-13T17:13:24.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31122 (GCVE-0-2023-31122)
Vulnerability from – Published: 2023-10-23 06:51 – Updated: 2025-02-13 16:49
VLAI?
Summary
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.
Severity ?
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
0 , ≤ 2.4.57
(semver)
|
Credits
David Shoon (github/davidshoon)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.498Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231027-0011/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31122",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-11T20:23:50.224711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T13:47:23.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.57",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "David Shoon (github/davidshoon)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.\u003cp\u003eThis issue affects Apache HTTP Server: through 2.4.57.\u003c/p\u003e"
}
],
"value": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:10:27.784Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231027-0011/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-04-04T00:00:00.000Z",
"value": "Reported to security team"
}
],
"title": "Apache HTTP Server: mod_macro buffer over-read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-31122",
"datePublished": "2023-10-23T06:51:59.705Z",
"dateReserved": "2023-04-24T17:37:59.263Z",
"dateUpdated": "2025-02-13T16:49:43.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27522 (GCVE-0-2023-27522)
Vulnerability from – Published: 2023-03-07 15:09 – Updated: 2025-02-13 16:45
VLAI?
Summary
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.
Special characters in the origin response header can truncate/split the response forwarded to the client.
Severity ?
No CVSS data available.
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Responses ('HTTP Response Smuggling')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.30 , ≤ 2.4.55
(semver)
|
Credits
Dimas Fariski Setyawan Putra (nyxsorcerer)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-01"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "http_server",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "2.4.55",
"status": "affected",
"version": "2.4.30",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27522",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-23T16:41:55.138882Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T16:42:56.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.55",
"status": "affected",
"version": "2.4.30",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dimas Fariski Setyawan Putra (nyxsorcerer)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eHTTP Response Smuggling vulnerability in Apache HTTP Server via mod_\u003ccode\u003eproxy_uwsgi\u003c/code\u003e. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.\u003c/div\u003e\u003cdiv\u003eSpecial characters in the origin response header can truncate/split the response forwarded to the client.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.\n\nSpecial characters in the origin response header can truncate/split the response forwarded to the client."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Responses (\u0027HTTP Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T21:06:20.401Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html"
},
{
"url": "https://security.gentoo.org/glsa/202309-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-01-29T06:42:00.000Z",
"value": "Reported to security team"
}
],
"title": "Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-27522",
"datePublished": "2023-03-07T15:09:30.122Z",
"dateReserved": "2023-03-02T12:24:47.536Z",
"dateUpdated": "2025-02-13T16:45:26.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25690 (GCVE-0-2023-25690)
Vulnerability from – Published: 2023-03-07 15:09 – Updated: 2025-02-13 16:44
VLAI?
Summary
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and is then
re-inserted into the proxied request-target using variable
substitution. For example, something like:
RewriteEngine on
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P]
ProxyPassReverse /here/ http://example.com:8080/
Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
Severity ?
No CVSS data available.
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4.0 , ≤ 2.4.55
(semver)
|
Credits
Lars Krapf of Adobe
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-01"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.55",
"status": "affected",
"version": "2.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lars Krapf of Adobe"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eSome mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003eConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eRewriteEngine on\u003cbr\u003eRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\u003cbr\u003eProxyPassReverse /here/ http://example.com:8080/\u003c/div\u003e\u003cbr\u003eRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-02T16:06:10.239Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html"
},
{
"url": "https://security.gentoo.org/glsa/202309-01"
},
{
"url": "http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2023-02-02T02:01:00.000Z",
"value": "reported"
}
],
"title": "Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-25690",
"datePublished": "2023-03-07T15:09:03.080Z",
"dateReserved": "2023-02-12T13:28:31.657Z",
"dateUpdated": "2025-02-13T16:44:35.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-20001 (GCVE-0-2006-20001)
Vulnerability from – Published: 2023-01-17 19:07 – Updated: 2025-02-13 16:27
VLAI?
Summary
A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.
This issue affects Apache HTTP Server 2.4.54 and earlier.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
2.4 , ≤ 2.4.54
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:41.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20230316-0005/"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2006-20001",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T15:32:06.669346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:32:39.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.54",
"status": "affected",
"version": "2.4",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache HTTP Server 2.4.54 and earlier.\u003cbr\u003e"
}
],
"value": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T21:06:27.122Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"url": "https://security.gentoo.org/glsa/202309-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2006-10-31T09:00:00.000Z",
"value": "Described in first edition of \"The Art of Software Security Assessment\""
},
{
"lang": "en",
"time": "2022-08-10T12:00:00.000Z",
"value": "Reported to security team"
}
],
"title": "Apache HTTP Server: mod_dav out of bounds read, or write of zero byte",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2006-20001",
"datePublished": "2023-01-17T19:07:27.136Z",
"dateReserved": "2022-09-01T14:24:05.065Z",
"dateUpdated": "2025-02-13T16:27:07.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4465 (GCVE-0-2007-4465)
Vulnerability from – Published: 2007-09-14 00:00 – Updated: 2025-01-17 14:50
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:53:56.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2008:0005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
},
{
"name": "3113",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3113"
},
{
"name": "28749",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28749"
},
{
"name": "oval:org.mitre.oval:def:6089",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089"
},
{
"name": "HPSBUX02465",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "26952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26952"
},
{
"name": "31651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31651"
},
{
"name": "SSRT090085",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "25653",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25653"
},
{
"name": "27563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27563"
},
{
"name": "27732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27732"
},
{
"name": "1019194",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019194"
},
{
"name": "RHSA-2007:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"
},
{
"name": "RHSA-2008:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"
},
{
"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:10929",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929"
},
{
"name": "SSRT090192",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "SUSE-SA:2007:061",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
},
{
"name": "FEDORA-2007-2214",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"
},
{
"name": "RHSA-2008:0008",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"
},
{
"name": "MDVSA-2008:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"
},
{
"name": "HPSBUX02365",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30430"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"
},
{
"name": "33105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33105"
},
{
"name": "apache-utf7-xss(36586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"
},
{
"name": "28467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28467"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
},
{
"name": "RHSA-2008:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"
},
{
"name": "28607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28607"
},
{
"name": "GLSA-200711-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
},
{
"name": "HPSBUX02431",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "FEDORA-2007-707",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"
},
{
"name": "28471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28471"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES",
"x_transferred"
],
"url": "http://securityreason.com/achievement_securityalert/46"
},
{
"name": "RHSA-2008:0261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "USN-575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-575-1"
},
{
"name": "26842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26842"
},
{
"name": "SSRT080118",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
},
{
"name": "35650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35650"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2007-4465",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-05T17:42:37.598591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T14:50:38.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2008:0005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
},
{
"name": "3113",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3113"
},
{
"name": "28749",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28749"
},
{
"name": "oval:org.mitre.oval:def:6089",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089"
},
{
"name": "HPSBUX02465",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "26952",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26952"
},
{
"name": "31651",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31651"
},
{
"name": "SSRT090085",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "25653",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25653"
},
{
"name": "27563",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27563"
},
{
"name": "27732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27732"
},
{
"name": "1019194",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019194"
},
{
"name": "RHSA-2007:0911",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"
},
{
"name": "RHSA-2008:0006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"
},
{
"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:10929",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929"
},
{
"name": "SSRT090192",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "TA08-150A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "SUSE-SA:2007:061",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
},
{
"name": "FEDORA-2007-2214",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"
},
{
"name": "RHSA-2008:0008",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"
},
{
"name": "MDVSA-2008:014",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"
},
{
"name": "HPSBUX02365",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
},
{
"name": "30430",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30430"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6"
},
{
"name": "APPLE-SA-2008-05-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"
},
{
"name": "33105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33105"
},
{
"name": "apache-utf7-xss(36586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"
},
{
"name": "28467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28467"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
},
{
"name": "RHSA-2008:0004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"
},
{
"name": "28607",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28607"
},
{
"name": "GLSA-200711-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
},
{
"name": "HPSBUX02431",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "FEDORA-2007-707",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"
},
{
"name": "28471",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28471"
},
{
"name": "ADV-2008-1697",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_SREASONRES"
],
"url": "http://securityreason.com/achievement_securityalert/46"
},
{
"name": "RHSA-2008:0261",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "USN-575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-575-1"
},
{
"name": "26842",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26842"
},
{
"name": "SSRT080118",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
},
{
"name": "35650",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35650"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2008:0005",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"
},
{
"name": "3113",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3113"
},
{
"name": "28749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28749"
},
{
"name": "oval:org.mitre.oval:def:6089",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089"
},
{
"name": "HPSBUX02465",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "26952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26952"
},
{
"name": "31651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31651"
},
{
"name": "SSRT090085",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "25653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25653"
},
{
"name": "27563",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27563"
},
{
"name": "27732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27732"
},
{
"name": "1019194",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019194"
},
{
"name": "RHSA-2007:0911",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"
},
{
"name": "RHSA-2008:0006",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"
},
{
"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:10929",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929"
},
{
"name": "SSRT090192",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "SUSE-SA:2007:061",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"
},
{
"name": "FEDORA-2007-2214",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"
},
{
"name": "RHSA-2008:0008",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"
},
{
"name": "MDVSA-2008:014",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"
},
{
"name": "HPSBUX02365",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "http://www.apache.org/dist/httpd/CHANGES_2.2.6",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"
},
{
"name": "33105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33105"
},
{
"name": "apache-utf7-xss(36586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"
},
{
"name": "28467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28467"
},
{
"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
},
{
"name": "RHSA-2008:0004",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"
},
{
"name": "28607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28607"
},
{
"name": "GLSA-200711-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"
},
{
"name": "HPSBUX02431",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=124654546101607\u0026w=2"
},
{
"name": "FEDORA-2007-707",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"
},
{
"name": "28471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28471"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/46"
},
{
"name": "RHSA-2008:0261",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "USN-575-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-575-1"
},
{
"name": "26842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26842"
},
{
"name": "SSRT080118",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"
},
{
"name": "35650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35650"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=186219",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4465",
"datePublished": "2007-09-14T00:00:00",
"dateReserved": "2007-08-21T00:00:00",
"dateUpdated": "2025-01-17T14:50:38.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
displaying 31 - 40 organizations in total 41