PT-2008-1554 · Apache+1 · Apache Http Server+1

Published: 2008-01-02 · Updated: 2024-06-15 · CVE-2007-6421

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.2.0 through 2.2.6

Description

A cross-site scripting (XSS) issue exists in the balancer-manager in mod_proxy_balancer, allowing remote attackers to inject arbitrary web script or HTML via the ss, wr, or rr parameters, or the URL. This could enable a cross-site scripting attack against an authorized user on sites where mod_proxy_balancer is enabled.

Recommendations

For Apache HTTP Server versions 2.2.0 through 2.2.6, consider disabling the mod_proxy_balancer module as a temporary workaround until a patch is available. Restrict access to the balancer-manager to minimize the risk of exploitation. Avoid using the ss, wr, or rr parameters in the affected module until the issue is resolved.
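One way to apply the first two recommendations on a 2.2.x server, shown as an added example that is not part of the original advisory or the Apache project's own configuration. The module path, the `/balancer-manager` location and the `192.0.2.0/24` admin range are assumptions; substitute the values from your own configuration.

```apache
# --- Workaround 1: do not load the module (only if no balancer is in use) ---
# The path is an assumption; comment out your existing LoadModule line instead.
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so

# --- Exposed form: the handler is reachable by any client ---
#<Location /balancer-manager>
#    SetHandler balancer-manager
#</Location>

# --- Workaround 2: restricted form (Apache 2.2 access-control syntax) ---
<Location /balancer-manager>
    SetHandler balancer-manager

    # Deny by default, then allow only the local host and an admin network.
    # 192.0.2.0/24 is a placeholder documentation range.
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from 192.0.2.0/24
</Location>
```

Check the syntax with `apachectl configtest` before reloading the server.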

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2007-6421
OPENSUSE-SU-2024:10623-1
RHSA-2008:0008
RHSA-2008:0009
RHSA-2008_0008

Affected Products

Apache Http Server
Red Hat