Definition



HP-UX Apache-based Web Server: Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)

oval:org.mitre.oval:def:12166

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value. This is a similar issue to CVE-2006-3918.

Family: unix
Status: ACCEPTED
Platform(s):
  • HP-UX 11
Class: vulnerability
Reference(s):
  • CVE-2007-6203
Product(s):