Published: 14/09/2007 Updated: 19/01/2024

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Subscribe to Http Server

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server prior to 2.2.6, when the charset on a server-generated page is not defined, allows remote malicious users to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache http server

It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a craf ...

Debian Bug report logs - #453783 apache2: CVE-2007-4465 Package: apache2; Maintainer for apache2 is Debian Apache Maintainers <debian-apache@listsdebianorg>; Source for apache2 is src:apache2 (PTS, buildd, popcon) Reported by: Paul Szabo <psz@mathsusydeduau> Date: Sat, 1 Dec 2007 08:39:01 UTC Severity: importa ...

CWE-79 http://securityreason.com/achievement_securityalert/46 http://www.apache.org/dist/httpd/CHANGES_2.2.6 http://www.securityfocus.com/bid/25653 http://securityreason.com/securityalert/3113 http://bugs.gentoo.org/show_bug.cgi?id=186219 http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html http://security.gentoo.org/glsa/glsa-200711-06.xml http://www.redhat.com/support/errata/RHSA-2007-0911.html http://www.novell.com/linux/security/advisories/2007_61_apache2.html http://secunia.com/advisories/26842 http://secunia.com/advisories/26952 http://secunia.com/advisories/27563 http://secunia.com/advisories/27732 http://www.mandriva.com/security/advisories?name=MDVSA-2008:014 http://www.redhat.com/support/errata/RHSA-2008-0004.html http://www.redhat.com/support/errata/RHSA-2008-0005.html http://www.redhat.com/support/errata/RHSA-2008-0006.html http://www.redhat.com/support/errata/RHSA-2008-0008.html http://securitytracker.com/id?1019194 http://secunia.com/advisories/28467 http://secunia.com/advisories/28471 http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm http://secunia.com/advisories/28607 http://www.ubuntu.com/usn/usn-575-1 http://secunia.com/advisories/28749 http://www.redhat.com/support/errata/RHSA-2008-0261.html http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://www.us-cert.gov/cas/techalerts/TA08-150A.html http://secunia.com/advisories/30430 http://secunia.com/advisories/31651 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 http://secunia.com/advisories/33105 http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html http://secunia.com/advisories/35650 http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://www.vupen.com/english/advisories/2008/1697 https://exchange.xforce.ibmcloud.com/vulnerabilities/36586 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929 http://www.securityfocus.com/archive/1/479237/100/0/threaded https://usn.ubuntu.com/575-1/https://nvd.nist.gov

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook