Home Corporate Website Jobs Mailing Lists RSS Blog New entry Advertise
	Software Inspectors   Scan Online   Personal (PSI)   Network (NSI 2.0)   - NEW - Solutions For   Security Professionals   Security Vendors Free Solutions For   Open Communities   Journalists & Media Secunia Advisories   Search   Historic Advisories   Listed By Product   Listed By Vendor   Statistics / Graphs   Secunia Research   Report Vulnerability   About Advisories Virus Information   Chronological List   Last 10 Virus Alerts   About Virus Information Secunia Customers   Customer Area CVE Reference: CVE-2007-6203 NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. Original Page at CVE MITRE: CVE-2007-6203 Description: Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. CVE Status: Candidate References: XF   http://xforce.iss.net/xforce/xfdb/38800 SUSE   http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html ST   1019030 SREASON   http://securityreason.com/securityalert/3411 SAID   Secunia Advisory: SA29420   Secunia Advisory: SA29348   Secunia Advisory: SA28196   Secunia Advisory: SA27906   Secunia Advisory: SA29640 MISC   http://procheckup.com/Vulnerability_PR07-37.php GENTOO   http://security.gentoo.org/glsa/glsa-200803-19.xml CONFIRM   http://docs.info.apple.com/article.html?artnum=307562 BUGTRAQ   http://www.securityfocus.com/archive/1/archive/1/484410/100/0/threaded BID   26663 APPLE   http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html AIXAPAR   http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952 Return to the previous page. Secunia PSI Scan | Patch | Track Free Download Secunia Poll Do you think it's important to read Setup/User Guides for applications for use within your network? Yes, I do it all the time Yes, but I do it rarely No See Results    Most Popular Advisories 1. Yahoo! Assistant yNotifier.dll ActiveX Control Code Execution 2. OpenKM Document Export Security Issue 3. vShare YouTube Clone "tid" SQL Injection Vulnerability 4. Zarafa Script Insertion Vulnerabilities 5. Cyberfolio "rep" File Inclusion Vulnerability 6. Maian Recipe Cross-Site Scripting Vulnerabilities 7. Maian Guestbook footer.php Cross-Site Scripting Vulnerabilities 8. Ubuntu update for vorbis-tools 9. SazCart Multiple File Inclusion Vulnerabilities 10. TFTP Server SP Long Error Message Buffer Overflow
Vulnerability Management - Terms & Conditions - Copyright 2002-2008 Secunia - Compliance - Contact Secunia