Oval Definition:oval:org.mitre.oval:def:6089
Revision Date:2015-04-20Version:26
Title:HP-UX Running Apache, Remote Cross Site Scripting (XSS) or Denial of Service (DoS)
Description:Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2007-4465
Platform(s):HP-UX 11
Product(s):
Definition Synopsis
  • Criteria meets HP Security Bulletin HPSBUX02365
  • HP-UX B.11.11
  • AND filesets tests
  • hpuxwsAPACHE.PHP version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.PHP2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.APACHE version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.APACHE2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.MOD_JK version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.WEBPROXY version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.MOD_PERL version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.59.07.01
  • OR Criteria meets HP Security Bulletin HPSBUX02365
  • platforms
  • HP-UX B.11.31
  • OR HP-UX B.11.23
  • AND filesets tests
  • hpuxwsAPCH32.PHP version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.APACHE2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPCH32.PHP2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.AUTH_LDAP version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.AUTH_LDAP2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.MOD_JK version is less than B.2.0.59.07.01
  • OR hpuxwsAPCH32.APACHE version is less than B.2.0.59.07.01
  • OR hpuxwsAPCH32.APACHE2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.MOD_JK2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.MOD_PERL version is less than B.2.0.59.07.01
  • OR hpuxwsAPCH32.AUTH_LDAP version is less than B.2.0.59.07.01
  • OR hpuxwsAPCH32.AUTH_LDAP2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.MOD_PERL2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPCH32.MOD_JK version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.PHP version is less than B.2.0.59.07.01
  • OR hpuxwsAPCH32.MOD_JK2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.PHP2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.WEBPROXY version is less than B.2.0.59.07.01
  • OR hpuxwsAPCH32.MOD_PERL version is less than B.2.0.59.07.01
  • OR hpuxwsAPCH32.WEBPROXY version is less than B.2.0.59.07.01
  • OR hpuxwsAPCH32.MOD_PERL2 version is less than B.2.0.59.07.01
  • OR hpuxwsAPACHE.APACHE version is less than B.2.0.59.07.01
    • BACK