Description

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

Remediation

References

CVE-2007-6203

Related Vulnerabilities

PHP Other Vulnerability (CVE-2002-1396)

Moodle Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9187)

Internet Information Services Other Vulnerability (CVE-2000-0778)

PHP CVE-2008-2051 Vulnerability (CVE-2008-2051)

WordPress Plugin EELV Newsletter Multiple Vulnerabilities (4.6)

Severity

Medium

Classification

CVE-2007-6203 CWE-707

Tags

Missing Update Known Vulnerabilities