Vulnerability CVE-2007-6421

Vulnerability CVE-2007-6421

Published: 2008-01-08 Modified: 2012-02-12

Description:

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

See advisories in our WLB2 database:

	Topic	Author	Date
Low	Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability	sp3x	09.01.2008

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
3.5/10	2.9/10	6.8/10

Exploit range	Attack complexity	Authentication
Remote	Medium	Single time
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Apache -> Http server

References:

http://docs.info.apple.com/article.html?artnum=307562

http://httpd.apache.org/security/vulnerabilities_22.html

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

http://securityreason.com/securityalert/3523

http://www.mandriva.com/security/advisories?name=MDVSA-2008:016

http://www.redhat.com/support/errata/RHSA-2008-0008.html

http://www.redhat.com/support/errata/RHSA-2008-0009.html

http://www.securityfocus.com/archive/1/486169/100/0/threaded

http://www.securityfocus.com/bid/27236

http://www.ubuntu.com/usn/usn-575-1

http://www.vupen.com/english/advisories/2008/0048

http://www.vupen.com/english/advisories/2008/0924/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/39474

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html

Vulnerability CVE-2007-6421

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

See advisories in our WLB2 database:

Low

Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability

CWE-79

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

3.5/10

2.9/10

6.8/10

Remote

Medium

Single time

None

Partial

None

Affected software

References: