WEB APPLICATION VULNERABILITIES Standard & Premium

Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-4465)

Description

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.

Remediation

References

Related Vulnerabilities

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16172)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-4250)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-3454)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.29)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3436)

Severity

Medium

Classification

CVE-2007-4465 CWE-707

Tags

Missing Update Known Vulnerabilities