Description

It is possible to cause Apache HTTP server to return client-supplied scripting code by submitting a malformed HTTP method which would actually carry the payload (i.e.: malicious JavaScript) and invalid length data. Consult web references for more information about this vulnerability.

Remediation

Upgrade to the latest version of Apache.

References

PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method

CVE-2007-6203

Related Vulnerabilities

WordPress Plugin Parsian Bank Woocommerce Cross-Site Scripting (1.0)

WordPress Plugin Change Password and E-mail Cross-Site Scripting (1.0)

WordPress Plugin LearnPress-WordPress LMS Cross-Site Scripting (4.1.6.5)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark Cross-Site Scripting (2.8.7)

WordPress Plugin WP-Stats-Dashboard Multiple Cross-Site Scripting Vulnerabilities (2.6.5.1)

Severity

Medium

Classification

CVE-2007-6203 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N

Tags

XSS