First published: Fri Sep 14 2007(Updated: )
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache HTTP server | =2.0.42 | |
Apache HTTP server | =2.2 | |
Apache HTTP server | =2.0.58 | |
Apache HTTP server | =2.0.47 | |
Apache HTTP server | =2.1 | |
Apache HTTP server | =2.0.56 | |
Apache HTTP server | =2.0.50 | |
Apache HTTP server | =2.2.2 | |
Apache HTTP server | =2.1.3 | |
Apache HTTP server | =2.2.4 | |
Apache HTTP server | =2.0.35 | |
Apache HTTP server | =2.0.37 | |
Apache HTTP server | =2.0.55 | |
Apache HTTP server | =2.1.2 | |
Apache HTTP server | =2.1.1 | |
Apache HTTP server | =2.0.44 | |
Apache HTTP server | =2.0.39 | |
Apache HTTP server | =2.0.52 | |
Apache HTTP server | =2.1.7 | |
Apache HTTP server | =2.0.53 | |
Apache HTTP server | =2.0.57 | |
Apache HTTP server | =2.0.51 | |
Apache HTTP server | =2.0.28-beta | |
Apache HTTP server | =2.0.41 | |
Apache HTTP server | =2.0.49 | |
Apache HTTP server | =2.1.6 | |
Apache HTTP server | =2.0.9 | |
Apache HTTP server | =2.0.34-beta | |
Apache HTTP server | =2.0.61 | |
Apache HTTP server | =2.0.32 | |
Apache HTTP server | =2.0.38 | |
Apache HTTP server | =2.1.4 | |
Apache HTTP server | =2.0.48 | |
Apache HTTP server | =2.0.45 | |
Apache HTTP server | =2.0.40 | |
Apache HTTP server | =2.1.5 | |
Apache HTTP server | =2.0.36 | |
Apache HTTP server | =2.2.3 | |
Apache HTTP server | =2.0.46 | |
Apache HTTP server | =2.0.54 | |
Apache HTTP server | =2.0.43 | |
Apache HTTP server | =2.0.59 | |
Apache HTTP server | =2.1.8 | |
Apache HTTP server | =2.0.28 | |
Apache HTTP server | =2.0 | |
Apache HTTP server | =2.0.32-beta | |
Apache HTTP server | =2.2.1 | |
Apache HTTP server | =2.0.60 | |
Apache HTTP server | ||
Apache HTTP server | >=2.0.0<2.0.61 | |
Apache HTTP server | >=2.2.0<2.2.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.