Vulnerability Name:

CVE-2007-6203 (CCN-38800)

Assigned:2007-11-30
Published:2007-11-30
Updated:2018-10-15
Summary:Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Fri Nov 30 2007 - 10:17:45 CST
PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method

Source: MITRE
Type: CNA
CVE-2007-6203

Source: CCN
Type: Apple Web site Apple Web site
About Security Update 2008-002 About Security Update 2008-002

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307562

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-03-18

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:021

Source: HP
Type: UNKNOWN
HPSBUX02465

Source: HP
Type: UNKNOWN
HPSBUX02612

Source: MISC
Type: Exploit
http://procheckup.com/Vulnerability_PR07-37.php

Source: CCN
Type: SA27906
Apache HTTP Method Request Entity Too Large Cross-Site Scripting

Source: SECUNIA
Type: Vendor Advisory
27906

Source: CCN
Type: SA28196
IBM HTTP Server Two Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
28196

Source: SECUNIA
Type: Vendor Advisory
29348

Source: CCN
Type: SA29420
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
29420

Source: SECUNIA
Type: Vendor Advisory
29640

Source: CCN
Type: SA30356
IBM HTTP Server Multiple Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
30356

Source: CCN
Type: SA30732
IBM HMC Apache Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
30732

Source: CCN
Type: SA33105
Fujitsu Interstage HTTP Server Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
33105

Source: SECUNIA
Type: Vendor Advisory
34219

Source: GENTOO
Type: UNKNOWN
GLSA-200803-19

Source: SREASON
Type: UNKNOWN
3411

Source: CCN
Type: SECTRACK ID: 1019030
Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks

Source: AIXAPAR
Type: UNKNOWN
PK57952

Source: CCN
Type: IBM APAR PK57952
INPUT METHOD NOT ESCAPED IN DEFAULT 413 ERROR RESPONSE

Source: AIXAPAR
Type: UNKNOWN
PK65782

Source: CCN
Type: Apache Web site
Welcome! - The Apache Software Foundation

Source: CCN
Type: FUJITSU Web site
Interstage HTTP Server: Cross-site Scripting Problem (CVE-2007-4465/ CVE-2007-6203).

Source: CONFIRM
Type: UNKNOWN
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html

Source: CCN
Type: GLSA-200803-19
Apache: Multiple vulnerabilities

Source: BUGTRAQ
Type: UNKNOWN
20071130 PR07-37: XSS on Apache HTTP Server 413 error pages via malformed HTTP method

Source: BID
Type: Exploit
26663

Source: CCN
Type: BID-26663
Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness

Source: SECTRACK
Type: UNKNOWN
1019030

Source: CCN
Type: TLSA-2008-24
Three vulnerabilities discovered in httpd

Source: CCN
Type: USN-731-1
Apache vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-731-1

Source: VUPEN
Type: UNKNOWN
ADV-2007-4060

Source: VUPEN
Type: UNKNOWN
ADV-2007-4301

Source: VUPEN
Type: UNKNOWN
ADV-2008-0924

Source: VUPEN
Type: UNKNOWN
ADV-2008-1623

Source: VUPEN
Type: UNKNOWN
ADV-2008-1875

Source: XF
Type: UNKNOWN
apache-413error-xss(38800)

Source: XF
Type: UNKNOWN
apache-413error-xss(38800)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:12166

Source: SUSE
Type: SUSE-SA:2008:021
Apache security problems

Source: CCN
Type: IBM Systems Support Web site
Support for HMC

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:http_server:2.0.46:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.51:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.52:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.53:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.54:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.55:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.57:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.58:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.59:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.51:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.52:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.59:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.46:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.55:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.53:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.54:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.57:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.58:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.1.8:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/a:fujitsu:interstage_application_server_plus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:fujitsu:interstage_application_server_plus:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:fujitsu:interstage_apworks_modelers_j:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20076203
    V
    		CVE-2007-6203
    2015-11-16
    oval:org.mitre.oval:def:12166
    V
    		HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
    2015-04-20
    oval:org.mitre.oval:def:13835
    P
    		USN-731-1 -- apache2 vulnerabilities
    2014-06-30
    BACK
    apache http server 2.0.46
    apache http server 2.0.47
    apache http server 2.0.48
    apache http server 2.0.49
    apache http server 2.0.50
    apache http server 2.0.51
    apache http server 2.0.52
    apache http server 2.0.53
    apache http server 2.0.54
    apache http server 2.0.55
    apache http server 2.0.57
    apache http server 2.0.58
    apache http server 2.0.59
    apache http server 2.1.1
    apache http server 2.1.2
    apache http server 2.1.3
    apache http server 2.1.4
    apache http server 2.1.5
    apache http server 2.1.6
    apache http server 2.1.7
    apache http server 2.1.8
    apache http server 2.2.0
    apache http server 2.2.2
    apache http server 2.2.3
    apache http server 2.2.4
    apache http server 2.0.47
    apache http server 2.0.49
    apache http server 2.0.48
    apache http server 2.0.51
    apache http server 2.0.52
    apache http server 2.0.59
    apache http server 2.2.4
    apache http server 2.0.46
    apache http server 2.0.55
    apache http server 2.2.3
    apache http server 2.2.0
    apache http server 2.2.2
    apache http server 2.0.50
    apache http server 2.0.53
    apache http server 2.0.54
    apache http server 2.0.57
    apache http server 2.0.58
    apache http server 2.1.1
    apache http server 2.1.2
    apache http server 2.1.3
    apache http server 2.1.4
    apache http server 2.1.5
    apache http server 2.1.6
    apache http server 2.1.7
    apache http server 2.1.8
    gentoo linux *
    novell linux desktop 9
    novell open enterprise server *
    canonical ubuntu 6.06
    novell suse linux enterprise server 10 sp2
    turbolinux turbolinux fuji
    turbolinux turbolinux personal *
    turbolinux turbolinux multimedia *
    canonical ubuntu 7.10
    fujitsu interstage application server plus 7.0
    fujitsu interstage application server plus 7.0.1
    fujitsu interstage apworks modelers j 7.0
    apple mac os x 10.5.2
    apple mac os x server 10.5.2
    novell open enterprise server *
    novell opensuse 10.2
    novell opensuse 10.3
    canonical ubuntu 8.04