Description

It is possible to cause Apache HTTP server to return client-supplied scripting code by submitting a malformed HTTP method which would actually carry the payload (i.e.: malicious JavaScript) and invalid length data. Consult web references for more information about this vulnerability.

Remediation

Upgrade to the latest version of Apache.

References

PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method

CVE-2007-6203

Related Vulnerabilities

WordPress Plugin Bug Library Cross-Site Scripting (2.0.3)

WordPress Plugin Broken Link Manager Cross-Site Scripting (0.5.5)

WordPress Plugin Marekkis Watermark Cross-Site Scripting (0.9.1)

WordPress Plugin Rimons Twitter Widget Cross-Site Scripting (1.2.4)

WordPress Plugin YouTube Video Inserter Cross-Site Scripting (1.2.1.0)

Severity

Medium

Classification

CVE-2007-6203 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N

Tags

XSS