CVE-2007-6203
Published: 3 December 2007
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
Notes
| Author | Note |
|---|---|
| jdstrand | seems a very hard bug to exploit, if at all. See: http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952 |
| mdeslaur | test available: http://www.securityfocus.com/archive/1/archive/1/484410/100/0/threaded |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
apache2 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.0.55-4ubuntu2.4)
|
| edgy |
Needed
(reached end-of-life)
|
|
| feisty |
Needed
(reached end-of-life)
|
|
| gutsy |
Released
(2.2.4-3ubuntu0.2)
|
|
| hardy |
Not vulnerable
(2.2.6-3)
|
|
| intrepid |
Not vulnerable
(2.2.6-3)
|
|
| upstream |
Released
(2.2.6-3)
|
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=rev&revision=600645 upstream: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_protocol.c?r1=594839&r2=600645&pathrev=600645 upstream: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_protocol.c?r1=600645&r2=603346 (not exploitable) |
||