Apache HTTP Server 2.0.x and 2.2.x do not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-Length value. This is a similar issue to CVE-2006-3918.

Vulnerable Product |
---|
apache http server 2.0.51 |
apache http server 2.0.52 |
apache http server 2.1.2 |
apache http server 2.1.3 |
apache http server 2.2.2 |
apache http server 2.2.3 |
apache http server 2.0.46 |
apache http server 2.0.53 |
apache http server 2.0.54 |
apache http server 2.0.55 |
apache http server 2.1.4 |
apache http server 2.1.5 |
apache http server 2.2.4 |
apache http server 2.0.47 |
apache http server 2.0.48 |
apache http server 2.0.57 |
apache http server 2.0.58 |
apache http server 2.1.6 |
apache http server 2.1.7 |
apache http server 2.0.49 |
apache http server 2.0.50 |
apache http server 2.0.59 |
apache http server 2.1.1 |
apache http server 2.1.8 |
apache http server 2.2.0 |