CVE-2007-6203 (GCVE-0-2007-6203)
Vulnerability from cvelistv5 – Published: 2007-12-03 22:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "PK57952",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
},
{
"name": "GLSA-200803-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
},
{
"name": "26663",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26663"
},
{
"name": "oval:org.mitre.oval:def:12166",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
},
{
"name": "34219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34219"
},
{
"name": "HPSBUX02465",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "27906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27906"
},
{
"name": "ADV-2008-1623",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SSRT090192",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "3411",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3411"
},
{
"name": "ADV-2007-4301",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4301"
},
{
"name": "USN-731-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-731-1"
},
{
"name": "HPSBUX02612",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "ADV-2007-4060",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4060"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "33105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33105"
},
{
"name": "1019030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019030"
},
{
"name": "PK65782",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
},
{
"name": "29348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
},
{
"name": "28196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28196"
},
{
"name": "SUSE-SA:2008:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"name": "30356",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "SSRT100345",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
},
{
"name": "29640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29640"
},
{
"name": "apache-413error-xss(38800)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
},
{
"name": "ADV-2008-1875",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1875/references"
},
{
"name": "30732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30732"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://procheckup.com/Vulnerability_PR07-37.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "PK57952",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
},
{
"name": "GLSA-200803-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
},
{
"name": "26663",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26663"
},
{
"name": "oval:org.mitre.oval:def:12166",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
},
{
"name": "34219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34219"
},
{
"name": "HPSBUX02465",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "27906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27906"
},
{
"name": "ADV-2008-1623",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SSRT090192",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "3411",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3411"
},
{
"name": "ADV-2007-4301",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4301"
},
{
"name": "USN-731-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-731-1"
},
{
"name": "HPSBUX02612",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "ADV-2007-4060",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4060"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "33105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33105"
},
{
"name": "1019030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019030"
},
{
"name": "PK65782",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
},
{
"name": "29348",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
},
{
"name": "28196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28196"
},
{
"name": "SUSE-SA:2008:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"name": "30356",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "SSRT100345",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
},
{
"name": "29640",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29640"
},
{
"name": "apache-413error-xss(38800)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
},
{
"name": "ADV-2008-1875",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1875/references"
},
{
"name": "30732",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30732"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://procheckup.com/Vulnerability_PR07-37.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \"413 Request Entity Too Large\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PK57952",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952"
},
{
"name": "GLSA-200803-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-19.xml"
},
{
"name": "26663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26663"
},
{
"name": "oval:org.mitre.oval:def:12166",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166"
},
{
"name": "34219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34219"
},
{
"name": "HPSBUX02465",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "27906",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27906"
},
{
"name": "ADV-2008-1623",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1623/references"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SSRT090192",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2"
},
{
"name": "3411",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3411"
},
{
"name": "ADV-2007-4301",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4301"
},
{
"name": "USN-731-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-731-1"
},
{
"name": "HPSBUX02612",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "ADV-2007-4060",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4060"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "33105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33105"
},
{
"name": "1019030",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019030"
},
{
"name": "PK65782",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24019245"
},
{
"name": "20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484410/100/0/threaded"
},
{
"name": "29348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29348"
},
{
"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"
},
{
"name": "28196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28196"
},
{
"name": "SUSE-SA:2008:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"
},
{
"name": "30356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30356"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "SSRT100345",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2"
},
{
"name": "29640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29640"
},
{
"name": "apache-413error-xss(38800)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38800"
},
{
"name": "ADV-2008-1875",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1875/references"
},
{
"name": "30732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30732"
},
{
"name": "http://procheckup.com/Vulnerability_PR07-37.php",
"refsource": "MISC",
"url": "http://procheckup.com/Vulnerability_PR07-37.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6203",
"datePublished": "2007-12-03T22:00:00",
"dateReserved": "2007-12-03T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB0FDE3D-1509-4375-8703-0D174D70B22E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFE732B5-00C9-4443-97E0-1DF21475C26B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C79C41D3-6894-4F2D-B8F8-82AB4780A824\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"449A5647-CEA6-4314-9DB8-D086F388E1C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5A407B7-F432-48F0-916A-A49952F85CA6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B5AC769-D07D-43C7-B252-A5A812E7D58C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADF4DBF6-DAF0-47E7-863B-C48DB7149A78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2F19D71-0A58-4B03-B351-596EB67ECF80\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EBB3FF9-CF5A-4E7B-ACE3-A198343AD485\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D721FFB5-D6D3-4F60-8B09-B3AD07EE6D4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CF37A82-49B6-45D4-B91D-FDA2D4463A0C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"030D1767-2DF7-48E3-B462-4B49CA751B35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5236DC61-5557-4C24-8F5B-F48548448588\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D72E88F0-AB0F-4B6F-AE86-71B0DE84BD75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"840FF871-79EC-472C-91BD-9E9AFC36B408\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"191E8654-5338-4051-A1D5-EE491D594F13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B26CC819-7315-456F-9F95-2A64FCE6AC26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3774827-AB0B-4A95-844B-9BC904A9FE98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18D07925-542B-4369-AA21-5587703E12E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACC83EB5-4E9A-4EA9-8D9F-BDBF5F60C54A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80632488-5C7E-4C70-BB60-BC4756187670\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"67AD11FB-529C-404E-A13B-284F145322B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCBBB7FE-35FC-4515-8393-5145339FCE4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F519633F-AB68-495A-B85E-FD41F9F752CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A894BED6-C97D-4DA4-A13D-9CB2B3306BC5\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \\\"413 Request Entity Too Large\\\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.\"}, {\"lang\": \"es\", \"value\": \"Apache HTTP Server 2.0.x y 2.2.x no sanea la cabecera de especificador de HTTP Method de una petici\\u00f3n HTTP cuando es reflejada en un error \\\"413 Request Entity Too Large\\\", lo cual podr\\u00eda permitir ataques tipo secuencias de comandos en sitios cruzados (XSS) utilizando componentes de clientes web que pueden enviar cabeceras de su elecci\\u00f3n en peticiones, como se demuestra con una petici\\u00f3n petici\\u00f3n HTTP conteniendo un valor inv\\u00e1lido de Content-length, asunto similar a CVE-2006-3918.\"}]",
"id": "CVE-2007-6203",
"lastModified": "2024-11-21T00:39:36.007",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2007-12-03T22:46:00.000",
"references": "[{\"url\": \"http://docs.info.apple.com/article.html?artnum=307562\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://procheckup.com/Vulnerability_PR07-37.php\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/27906\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/28196\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29348\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29420\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29640\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30356\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30732\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33105\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34219\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200803-19.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securityreason.com/securityalert/3411\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24019245\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484410/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26663\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019030\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-731-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4060\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4301\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0924/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1623/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1875/references\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38800\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://docs.info.apple.com/article.html?artnum=307562\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://procheckup.com/Vulnerability_PR07-37.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/27906\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/28196\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29348\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29420\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/29640\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30356\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/30732\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33105\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/34219\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200803-19.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3411\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-1.ibm.com/support/docview.wss?uid=swg24019245\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484410/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26663\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securitytracker.com/id?1019030\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-731-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4060\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4301\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0924/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1623/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1875/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38800\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vendorComments": "[{\"organization\": \"Apache\", \"comment\": \"The Apache Software Foundation security team does not consider this issue to be a security vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site.\", \"lastModified\": \"2008-06-09T00:00:00\"}, {\"organization\": \"Red Hat\", \"comment\": \"Red Hat does not consider this issue to be a vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site.\", \"lastModified\": \"2007-12-06T00:00:00\"}]",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2007-6203\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-12-03T22:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a \\\"413 Request Entity Too Large\\\" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.\"},{\"lang\":\"es\",\"value\":\"Apache HTTP Server 2.0.x y 2.2.x no sanea la cabecera de especificador de HTTP Method de una petici\u00f3n HTTP cuando es reflejada en un error \\\"413 Request Entity Too Large\\\", lo cual podr\u00eda permitir ataques tipo secuencias de comandos en sitios cruzados (XSS) utilizando componentes de clientes web que pueden enviar cabeceras de su elecci\u00f3n en peticiones, como se demuestra con una petici\u00f3n petici\u00f3n HTTP conteniendo un valor inv\u00e1lido de Content-length, asunto similar a CVE-2006-3918.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB0FDE3D-1509-4375-8703-0D174D70B22E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFE732B5-00C9-4443-97E0-1DF21475C26B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C79C41D3-6894-4F2D-B8F8-82AB4780A824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"449A5647-CEA6-4314-9DB8-D086F388E1C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5A407B7-F432-48F0-916A-A49952F85CA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B5AC769-D07D-43C7-B252-A5A812E7D58C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADF4DBF6-DAF0-47E7-863B-C48DB7149A78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2F19D71-0A58-4B03-B351-596EB67ECF80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EBB3FF9-CF5A-4E7B-ACE3-A198343AD485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D721FFB5-D6D3-4F60-8B09-B3AD07EE6D4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF37A82-49B6-45D4-B91D-FDA2D4463A0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"030D1767-2DF7-48E3-B462-4B49CA751B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5236DC61-5557-4C24-8F5B-F48548448588\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D72E88F0-AB0F-4B6F-AE86-71B0DE84BD75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"840FF871-79EC-472C-91BD-9E9AFC36B408\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"191E8654-5338-4051-A1D5-EE491D594F13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B26CC819-7315-456F-9F95-2A64FCE6AC26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3774827-AB0B-4A95-844B-9BC904A9FE98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18D07925-542B-4369-AA21-5587703E12E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACC83EB5-4E9A-4EA9-8D9F-BDBF5F60C54A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80632488-5C7E-4C70-BB60-BC4756187670\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67AD11FB-529C-404E-A13B-284F145322B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCBBB7FE-35FC-4515-8393-5145339FCE4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F519633F-AB68-495A-B85E-FD41F9F752CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A894BED6-C97D-4DA4-A13D-9CB2B3306BC5\"}]}]}],\"references\":[{\"url\":\"http://docs.info.apple.com/article.html?artnum=307562\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://procheckup.com/Vulnerability_PR07-37.php\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/27906\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28196\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29348\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29420\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29640\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30356\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30732\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33105\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34219\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200803-19.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/3411\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24019245\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/484410/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26663\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019030\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-731-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4060\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4301\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0924/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1623/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1875/references\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38800\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307562\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=125631037611762\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=129190899612998\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://procheckup.com/Vulnerability_PR07-37.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/27906\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/28196\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/29640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30356\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/30732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33105\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/34219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200803-19.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3411\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-1.ibm.com/support/docview.wss?uid=swg24019245\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/484410/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26663\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1019030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-731-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/4301\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0924/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1623/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1875/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Apache\",\"comment\":\"The Apache Software Foundation security team does not consider this issue to be a security vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site.\",\"lastModified\":\"2008-06-09T00:00:00\"},{\"organization\":\"Red Hat\",\"comment\":\"Red Hat does not consider this issue to be a vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site.\",\"lastModified\":\"2007-12-06T00:00:00\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…