Description

It is possible to cause Apache HTTP server to return client-supplied scripting code by submitting a malformed HTTP method which would actually carry the payload (i.e.: malicious JavaScript) and invalid length data. Consult web references for more information about this vulnerability.

Remediation

Upgrade to the latest version of Apache.

References

PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method

CVE-2007-6203

Related Vulnerabilities

WordPress Plugin VideoWhisper Video Presentation Multiple Cross-Site Scripting Vulnerabilities (3.25)

WordPress Plugin WP Media Cleaner Multiple Cross-Site Scripting Vulnerabilities (2.2.6)

WordPress Plugin MobileView by ColorLabs & Company Cross-Site Scripting (1.0.7)

WordPress Plugin Chamber Dashboard Business Directory Cross-Site Scripting (3.2.8)

WordPress Plugin GeSHi Source Colorer Cross-Site Scripting (0.13)

Severity

Medium

Classification

CVE-2007-6203 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N

Tags

XSS