Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2007-6203 — Cross-site Scripting in Apache Http Server
Severity
4.3 MEDIUM (NVD)
EPSS
73.5%
top 1.19%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: Dec 3
Latest update: May 1
Description
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
CVSS vector
AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9
Affected Packages: 1 package
Vulnerability Details: 3
Exploits & PoCs: 1
Vendor Advisories: 3
Community: 1
Bugzilla
CVE-2007-6203 httpd: Garbage before http method name is not escaped in a reply in case of errorneous request (2007-12-04)