First published: Mon Dec 03 2007
Apache HTTP Server 2.0.x and 2.2.x do not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-Length value. This is a similar issue to CVE-2006-3918.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache HTTP server | =2.0.58 | |
Apache HTTP server | =2.2.0 | |
Apache HTTP server | =2.0.47 | |
Apache HTTP server | =2.0.50 | |
Apache HTTP server | =2.2.2 | |
Apache HTTP server | =2.1.3 | |
Apache HTTP server | =2.2.4 | |
Apache HTTP server | =2.0.55 | |
Apache HTTP server | =2.1.2 | |
Apache HTTP server | =2.1.1 | |
Apache HTTP server | =2.0.52 | |
Apache HTTP server | =2.1.7 | |
Apache HTTP server | =2.0.53 | |
Apache HTTP server | =2.0.57 | |
Apache HTTP server | =2.0.51 | |
Apache HTTP server | =2.0.49 | |
Apache HTTP server | =2.1.6 | |
Apache HTTP server | =2.1.4 | |
Apache HTTP server | =2.0.48 | |
Apache HTTP server | =2.1.5 | |
Apache HTTP server | =2.2.3 | |
Apache HTTP server | =2.0.46 | |
Apache HTTP server | =2.0.54 | |
Apache HTTP server | =2.0.59 | |
Apache HTTP server | =2.1.8 | |