Home > Vulnerability Database > CVE-2007-6203

Mend.io Vulnerability Database

CVE-2007-6203

Date: December 3, 2007

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

Severity Score

3.7

Related Resources (35)

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166

Url: http://secunia.com/advisories/28196

Url: http://www.vupen.com/english/advisories/2008/1875/references

Url: http://secunia.com/advisories/29420

Url: http://secunia.com/advisories/29640

Url: http://secunia.com/advisories/34219

Url: http://www.vupen.com/english/advisories/2008/0924/references

Url: http://docs.info.apple.com/article.html?artnum=307562

Url: http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952

Url: http://secunia.com/advisories/30732

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6203

Url: http://secunia.com/advisories/33105

Url: http://secunia.com/advisories/30356

Url: http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

Url: http://procheckup.com/Vulnerability_PR07-37.php

Url: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

Url: http://www-1.ibm.com/support/docview.wss?uid=swg24019245

Url: http://security.gentoo.org/glsa/glsa-200803-19.xml

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-6203

Url: http://marc.info/?l=bugtraq&m=129190899612998&w=2

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/38800

Url: http://www.securitytracker.com/id?1019030

Url: http://www.vupen.com/english/advisories/2007/4060

Url: http://www.securityfocus.com/bid/26663

Url: http://www.ubuntu.com/usn/USN-731-1

Url: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html

Url: http://www.vupen.com/english/advisories/2007/4301

Url: http://securityreason.com/securityalert/3411

Url: http://marc.info/?l=bugtraq&m=125631037611762&w=2

Url: http://www.vupen.com/english/advisories/2008/1623/references

Url: http://secunia.com/advisories/27906

Url: http://www.securityfocus.com/archive/1/484410/100/0/threaded

Url: https://security-tracker.debian.org/tracker/CVE-2007-6203

Url: http://secunia.com/advisories/29348

Url: https://www.mend.io/vulnerability-database/CVE-2007-6203

Severity Score

3.7

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-6203

Date: December 3, 2007

Severity Score

Related Resources (35)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?