Vulnerability DatabaseCVE-2007-6203
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2007-6203
December 03, 2007
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
Related Resources (33)
https://security-tracker.debian.org/tracker/CVE-2007-6203
https://exchange.xforce.ibmcloud.com/vulnerabilities/38800
http://secunia.com/advisories/34219
http://www.vupen.com/english/advisories/2007/4060
http://security.gentoo.org/glsa/glsa-200803-19.xml
http://www-1.ibm.com/support/docview.wss?uid=swg24019245
http://docs.info.apple.com/article.html?artnum=307562
http://www.ubuntu.com/usn/USN-731-1
http://www.vupen.com/english/advisories/2008/1623/references
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://procheckup.com/Vulnerability_PR07-37.php
http://secunia.com/advisories/30356
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2007-6203
http://securityreason.com/securityalert/3411
http://www.securityfocus.com/archive/1/484410/100/0/threaded
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html
http://www.vupen.com/english/advisories/2007/4301
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166
http://www.vupen.com/english/advisories/2008/1875/references
http://secunia.com/advisories/27906
http://secunia.com/advisories/30732
http://www.securityfocus.com/bid/26663
http://secunia.com/advisories/29420
http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952
http://secunia.com/advisories/29640
http://secunia.com/advisories/28196
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://www.securitytracker.com/id?1019030
http://www.vupen.com/english/advisories/2008/0924/references
http://secunia.com/advisories/29348
http://secunia.com/advisories/33105
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
4.3
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
EPSS
Base Score:
73.14