CVE-2007-6203

Published: Dec 3, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

Vendor: n/a

Product: n/a

Versions: affected n/a

References

PK57952 [vendor-advisory, x_refsource_AIXAPAR]
GLSA-200803-19 [vendor-advisory, x_refsource_GENTOO]
26663 [vdb-entry, x_refsource_BID]
oval:org.mitre.oval:def:12166 [vdb-entry, signature, x_refsource_OVAL]
34219 [third-party-advisory, x_refsource_SECUNIA]
HPSBUX02465 [vendor-advisory, x_refsource_HP]
27906 [third-party-advisory, x_refsource_SECUNIA]
ADV-2008-1623 [vdb-entry, x_refsource_VUPEN]
ADV-2008-0924 [vdb-entry, x_refsource_VUPEN]
SSRT090192 [vendor-advisory, x_refsource_HP]
3411 [third-party-advisory, x_refsource_SREASON]
ADV-2007-4301 [vdb-entry, x_refsource_VUPEN]
USN-731-1 [vendor-advisory, x_refsource_UBUNTU]
HPSBUX02612 [vendor-advisory, x_refsource_HP]
29420 [third-party-advisory, x_refsource_SECUNIA]
ADV-2007-4060 [vdb-entry, x_refsource_VUPEN]
APPLE-SA-2008-03-18 [vendor-advisory, x_refsource_APPLE]
33105 [third-party-advisory, x_refsource_SECUNIA]
1019030 [vdb-entry, x_refsource_SECTRACK]
PK65782 [vendor-advisory, x_refsource_AIXAPAR]
29348 [third-party-advisory, x_refsource_SECUNIA]
28196 [third-party-advisory, x_refsource_SECUNIA]
SUSE-SA:2008:021 [vendor-advisory, x_refsource_SUSE]
30356 [third-party-advisory, x_refsource_SECUNIA]
SSRT100345 [vendor-advisory, x_refsource_HP]
29640 [third-party-advisory, x_refsource_SECUNIA]
apache-413error-xss(38800) [vdb-entry, x_refsource_XF]
ADV-2008-1875 [vdb-entry, x_refsource_VUPEN]
30732 [third-party-advisory, x_refsource_SECUNIA]
