What is the severity of CVE-2007-4465?

CVE-2007-4465 is classified as a moderate severity vulnerability due to its potential for cross-site scripting (XSS) attacks.

How do I fix CVE-2007-4465?

To fix CVE-2007-4465, upgrade to Apache HTTP Server version 2.2.6 or later.

Which versions of Apache HTTP Server are affected by CVE-2007-4465?

CVE-2007-4465 affects various versions of Apache HTTP Server prior to 2.2.6, including all 2.0.x and many 2.2.x versions.

What type of attack does CVE-2007-4465 enable?

CVE-2007-4465 enables remote attackers to perform cross-site scripting (XSS) attacks via the P parameter using the UTF-7 charset.

Is CVE-2007-4465 a commonly exploited vulnerability?

While CVE-2007-4465 can be exploited for XSS attacks, its actual exploitation in the wild may vary and depend on specific circumstances.

Vulnerability/
CVE-2007-4465

medium

6.1

CWE

14/9/2007

17/1/2025

CVE-2007-4465: XSS

First published: Fri Sep 14 2007(Updated: )

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Apache Http Server	>=2.0.0<2.0.61
Apache Http Server	>=2.2.0<2.2.6
Apache Http Server	=2.0.42
Apache Http Server	=2.2
Apache Http Server	=2.0.58
Apache Http Server	=2.0.47
Apache Http Server	=2.1
Apache Http Server	=2.0.56
Apache Http Server	=2.0.50
Apache Http Server	=2.2.2
Apache Http Server	=2.1.3
Apache Http Server	=2.2.4
Apache Http Server	=2.0.35
Apache Http Server	=2.0.37
Apache Http Server	=2.0.55
Apache Http Server	=2.1.2
Apache Http Server	=2.1.1
Apache Http Server	=2.0.44
Apache Http Server	=2.0.39
Apache Http Server	=2.0.52
Apache Http Server	=2.1.7
Apache Http Server	=2.0.53
Apache Http Server	=2.0.57
Apache Http Server	=2.0.51
Apache Http Server	=2.0.28-beta
Apache Http Server	=2.0.41
Apache Http Server	=2.0.49
Apache Http Server	=2.1.6
Apache Http Server	=2.0.9
Apache Http Server	=2.0.34-beta
Apache Http Server	=2.0.61
Apache Http Server	=2.0.32
Apache Http Server	=2.0.38
Apache Http Server	=2.1.4
Apache Http Server	=2.0.48
Apache Http Server	=2.0.45
Apache Http Server	=2.0.40
Apache Http Server	=2.1.5
Apache Http Server	=2.0.36
Apache Http Server	=2.2.3
Apache Http Server	=2.0.46
Apache Http Server	=2.0.54
Apache Http Server	=2.0.43
Apache Http Server	=2.0.59
Apache Http Server	=2.1.8
Apache Http Server	=2.0.28
Apache Http Server	=2.0
Apache Http Server	=2.0.32-beta
Apache Http Server	=2.2.1
Apache Http Server	=2.0.60
Apache Http Server

Remedy

http://www.securityfocus.com/bid/25653

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-4465?
CVE-2007-4465 is classified as a moderate severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2007-4465?
To fix CVE-2007-4465, upgrade to Apache HTTP Server version 2.2.6 or later.
Which versions of Apache HTTP Server are affected by CVE-2007-4465?
CVE-2007-4465 affects various versions of Apache HTTP Server prior to 2.2.6, including all 2.0.x and many 2.2.x versions.
What type of attack does CVE-2007-4465 enable?
CVE-2007-4465 enables remote attackers to perform cross-site scripting (XSS) attacks via the P parameter using the UTF-7 charset.
Is CVE-2007-4465 a commonly exploited vulnerability?
While CVE-2007-4465 can be exploited for XSS attacks, its actual exploitation in the wild may vary and depend on specific circumstances.

agent/references
agent/author
agent/type
agent/remedy
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-historical
collector/nvd-index
agent/softwarecombine
agent/weakness
agent/tags
agent/source
vendor/apache
canonical/apache http server
version/apache http server/2.0.0
version/apache http server/2.2.0
version/apache http server/2.0.42
version/apache http server/2.2
version/apache http server/2.0.58
version/apache http server/2.0.47
version/apache http server/2.1
version/apache http server/2.0.56
version/apache http server/2.0.50
version/apache http server/2.2.2
version/apache http server/2.1.3
version/apache http server/2.2.4
version/apache http server/2.0.35
version/apache http server/2.0.37
version/apache http server/2.0.55
version/apache http server/2.1.2
version/apache http server/2.1.1
version/apache http server/2.0.44
version/apache http server/2.0.39
version/apache http server/2.0.52
version/apache http server/2.1.7
version/apache http server/2.0.53
version/apache http server/2.0.57
version/apache http server/2.0.51
version/apache http server/2.0.28-beta
version/apache http server/2.0.41
version/apache http server/2.0.49
version/apache http server/2.1.6
version/apache http server/2.0.9
version/apache http server/2.0.34-beta
version/apache http server/2.0.61
version/apache http server/2.0.32
version/apache http server/2.0.38
version/apache http server/2.1.4
version/apache http server/2.0.48
version/apache http server/2.0.45
version/apache http server/2.0.40
version/apache http server/2.1.5
version/apache http server/2.0.36
version/apache http server/2.2.3
version/apache http server/2.0.46
version/apache http server/2.0.54
version/apache http server/2.0.43
version/apache http server/2.0.59
version/apache http server/2.1.8
version/apache http server/2.0.28
version/apache http server/2.0
version/apache http server/2.0.32-beta
version/apache http server/2.2.1
version/apache http server/2.0.60