Description

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

Remediation

References

CVE-2007-6203

Related Vulnerabilities

Three.js Uncontrolled Resource Consumption Vulnerability (CVE-2020-28496)

MySQL CVE-2020-2806 Vulnerability (CVE-2020-2806)

WordPress Plugin BuddyBoss Media Cross-Site Scripting (3.2.3)

WordPress Plugin Backup by Supsystic Local File Inclusion (2.3.9)

Oracle Application Server Other Vulnerability (CVE-2007-3859)

Severity

Medium

Classification

CVE-2007-6203 CWE-707

Tags

Missing Update Known Vulnerabilities