cve-2007-6203
Vulnerability from cvelistv5
Published
2007-12-03 22:00
Modified
2024-08-07 15:54
Severity ?
Summary
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
References
cve@mitre.orghttp://docs.info.apple.com/article.html?artnum=307562
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=125631037611762&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=129190899612998&w=2
cve@mitre.orghttp://procheckup.com/Vulnerability_PR07-37.phpExploit
cve@mitre.orghttp://secunia.com/advisories/27906Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/28196Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/29348Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/29420Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/29640Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30356Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/30732Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/33105Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/34219Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200803-19.xml
cve@mitre.orghttp://securityreason.com/securityalert/3411
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg1PK57952
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg24019245
cve@mitre.orghttp://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/484410/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/26663Exploit
cve@mitre.orghttp://www.securitytracker.com/id?1019030
cve@mitre.orghttp://www.ubuntu.com/usn/USN-731-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/4060
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/4301
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0924/references
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/1623/references
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/1875/references
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/38800
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:27.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "PK57952",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
          },
          {
            "name": "GLSA-200803-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
          },
          {
            "name": "26663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26663"
          },
          {
            "name": "oval:org.mitre.oval:def:12166",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
          },
          {
            "name": "34219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34219"
          },
          {
            "name": "HPSBUX02465",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "27906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27906"
          },
          {
            "name": "ADV-2008-1623",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1623/references"
          },
          {
            "name": "ADV-2008-0924",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "SSRT090192",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
          },
          {
            "name": "3411",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3411"
          },
          {
            "name": "ADV-2007-4301",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4301"
          },
          {
            "name": "USN-731-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-731-1"
          },
          {
            "name": "HPSBUX02612",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
          },
          {
            "name": "29420",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "ADV-2007-4060",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4060"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "33105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33105"
          },
          {
            "name": "1019030",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019030"
          },
          {
            "name": "PK65782",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
          },
          {
            "name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
          },
          {
            "name": "29348",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29348"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
          },
          {
            "name": "28196",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28196"
          },
          {
            "name": "SUSE-SA:2008:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
          },
          {
            "name": "30356",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30356"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "SSRT100345",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
          },
          {
            "name": "29640",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29640"
          },
          {
            "name": "apache-413error-xss(38800)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
          },
          {
            "name": "ADV-2008-1875",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1875/references"
          },
          {
            "name": "30732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30732"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://procheckup.com/Vulnerability_PR07-37.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "PK57952",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
        },
        {
          "name": "GLSA-200803-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
        },
        {
          "name": "26663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26663"
        },
        {
          "name": "oval:org.mitre.oval:def:12166",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
        },
        {
          "name": "34219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34219"
        },
        {
          "name": "HPSBUX02465",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "27906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27906"
        },
        {
          "name": "ADV-2008-1623",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1623/references"
        },
        {
          "name": "ADV-2008-0924",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0924/references"
        },
        {
          "name": "SSRT090192",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
        },
        {
          "name": "3411",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3411"
        },
        {
          "name": "ADV-2007-4301",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4301"
        },
        {
          "name": "USN-731-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-731-1"
        },
        {
          "name": "HPSBUX02612",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
        },
        {
          "name": "29420",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29420"
        },
        {
          "name": "ADV-2007-4060",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4060"
        },
        {
          "name": "APPLE-SA-2008-03-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
        },
        {
          "name": "33105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33105"
        },
        {
          "name": "1019030",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019030"
        },
        {
          "name": "PK65782",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
        },
        {
          "name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
        },
        {
          "name": "29348",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29348"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
        },
        {
          "name": "28196",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28196"
        },
        {
          "name": "SUSE-SA:2008:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
        },
        {
          "name": "30356",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30356"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307562"
        },
        {
          "name": "SSRT100345",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
        },
        {
          "name": "29640",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29640"
        },
        {
          "name": "apache-413error-xss(38800)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
        },
        {
          "name": "ADV-2008-1875",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1875/references"
        },
        {
          "name": "30732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30732"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://procheckup.com/Vulnerability_PR07-37.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-6203",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "PK57952",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
            },
            {
              "name": "GLSA-200803-19",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
            },
            {
              "name": "26663",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26663"
            },
            {
              "name": "oval:org.mitre.oval:def:12166",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
            },
            {
              "name": "34219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34219"
            },
            {
              "name": "HPSBUX02465",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "27906",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27906"
            },
            {
              "name": "ADV-2008-1623",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1623/references"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "SSRT090192",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
            },
            {
              "name": "3411",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3411"
            },
            {
              "name": "ADV-2007-4301",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4301"
            },
            {
              "name": "USN-731-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-731-1"
            },
            {
              "name": "HPSBUX02612",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "ADV-2007-4060",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4060"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "33105",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33105"
            },
            {
              "name": "1019030",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019030"
            },
            {
              "name": "PK65782",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
            },
            {
              "name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
            },
            {
              "name": "29348",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29348"
            },
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html",
              "refsource": "CONFIRM",
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
            },
            {
              "name": "28196",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28196"
            },
            {
              "name": "SUSE-SA:2008:021",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
            },
            {
              "name": "30356",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30356"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "SSRT100345",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
            },
            {
              "name": "29640",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29640"
            },
            {
              "name": "apache-413error-xss(38800)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
            },
            {
              "name": "ADV-2008-1875",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1875/references"
            },
            {
              "name": "30732",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30732"
            },
            {
              "name": "http://procheckup.com/Vulnerability_PR07-37.php",
              "refsource": "MISC",
              "url": "http://procheckup.com/Vulnerability_PR07-37.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-6203",
    "datePublished": "2007-12-03T22:00:00",
    "dateReserved": "2007-12-03T00:00:00",
    "dateUpdated": "2024-08-07T15:54:27.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6203\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-12-03T22:46:00.000\",\"lastModified\":\"2018-10-15T21:50:58.373\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \\\"413 Request Entity Too Large\\\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.\"},{\"lang\":\"es\",\"value\":\"Apache HTTP Server 2.0.x y 2.2.x no sanea la cabecera de especificador de HTTP Method de una petici\u00f3n HTTP cuando es reflejada en un error \\\"413 Request Entity Too Large\\\", lo cual podr\u00eda permitir ataques tipo secuencias de comandos en sitios cruzados (XSS) utilizando componentes de clientes web que pueden enviar cabeceras de su elecci\u00f3n en peticiones, como se demuestra con una petici\u00f3n petici\u00f3n HTTP conteniendo un valor inv\u00e1lido de Content-length, asunto similar a CVE-2006-3918.\"}],\"vendorComments\":[{\"organization\":\"Apache\",\"comment\":\"The Apache Software Foundation security team  does not consider this issue to be a security vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site.\",\"lastModified\":\"2008-06-09T00:00:00\"},{\"organization\":\"Red Hat\",\"comment\":\"Red Hat does not consider this issue to be a vulnerability.  In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site.\",\"lastModified\":\"2007-12-06T00:00:00\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB0FDE3D-1509-4375-8703-0D174D70B22E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFE732B5-00C9-4443-97E0-1DF21475C26B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C79C41D3-6894-4F2D-B8F8-82AB4780A824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"449A5647-CEA6-4314-9DB8-D086F388E1C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5A407B7-F432-48F0-916A-A49952F85CA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B5AC769-D07D-43C7-B252-A5A812E7D58C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADF4DBF6-DAF0-47E7-863B-C48DB7149A78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2F19D71-0A58-4B03-B351-596EB67ECF80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EBB3FF9-CF5A-4E7B-ACE3-A198343AD485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D721FFB5-D6D3-4F60-8B09-B3AD07EE6D4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF37A82-49B6-45D4-B91D-FDA2D4463A0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"030D1767-2DF7-48E3-B462-4B49CA751B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5236DC61-5557-4C24-8F5B-F48548448588\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D72E88F0-AB0F-4B6F-AE86-71B0DE84BD75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"840FF871-79EC-472C-91BD-9E9AFC36B408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"191E8654-5338-4051-A1D5-EE491D594F13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B26CC819-7315-456F-9F95-2A64FCE6AC26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3774827-AB0B-4A95-844B-9BC904A9FE98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18D07925-542B-4369-AA21-5587703E12E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACC83EB5-4E9A-4EA9-8D9F-BDBF5F60C54A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80632488-5C7E-4C70-BB60-BC4756187670\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67AD11FB-529C-404E-A13B-284F145322B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCBBB7FE-35FC-4515-8393-5145339FCE4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F519633F-AB68-495A-B85E-FD41F9F752CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A894BED6-C97D-4DA4-A13D-9CB2B3306BC5\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=307562\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://procheckup.com/Vulnerability_PR07-37.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/27906\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28196\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29348\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29420\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29640\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30356\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30732\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33105\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34219\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200803-19.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3411\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24019245\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/484410/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26663\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019030\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-731-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4060\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4301\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0924/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1623/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1875/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38800\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166\",\"source\":\"cve@mitre.org\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.