PT-2007-5645 · Apache+1 · Apache Http Server+1

Maksymilian Arciemowicz · Published 2007-09-14 · Updated 2025-01-17 · CVE-2007-4465

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions prior to 2.2.6

Description

A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset when the charset on a server-generated page is not defined. This issue may be attributed to a design limitation of browsers that attempt to perform automatic content type detection.

Recommendations

For Apache HTTP Server versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod_autoindex.c module until a patch is available. Avoid using the P parameter in affected API endpoints until the issue is resolved.
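
A defensive check for the condition in the description, added here as an example and not taken from the advisory or from Apache: it flags an HTML response whose Content-Type names no charset and whose body contains UTF-7 shifted sequences that decode to HTML metacharacters. The function names and the sample body are constructed for illustration, and only the response header is inspected (an in-page meta charset is not considered).

```python
import re

# A UTF-7 shifted run: '+', modified-base64 characters, optional closing '-'.
UTF7_RUN = re.compile(rb"\+[A-Za-z0-9+/]{2,}-?")
CHARSET_PARAM = re.compile(r'charset\s*=\s*"?([^";\s]+)', re.I)
HTML_META = set("<>\"'")


def declared_charset(content_type):
    """Return the lower-cased charset parameter of a Content-Type value, or None."""
    m = CHARSET_PARAM.search(content_type or "")
    return m.group(1).lower() if m else None


def utf7_hidden_markup(body):
    """List (raw, decoded) UTF-7 runs in body that decode to HTML metacharacters."""
    hits = []
    for m in UTF7_RUN.finditer(body):
        raw = m.group(0)
        try:
            decoded = raw.decode("utf-7")
        except UnicodeDecodeError:
            continue  # not a valid shifted sequence, e.g. ordinary text with '+'
        if HTML_META & set(decoded):
            hits.append((raw.decode("ascii"), decoded))
    return hits


def assess(content_type, body):
    """Flag an HTML response that names no charset and carries UTF-7 markup."""
    is_html = (content_type or "").split(";")[0].strip().lower() == "text/html"
    charset = declared_charset(content_type)
    hits = utf7_hidden_markup(body)
    return {
        "missing_charset": is_html and charset is None,
        "utf7_markup": hits,
        "at_risk": is_html and charset is None and bool(hits),
    }


# Constructed sample: an index-style page echoing a request value, benign markup only.
SAMPLE_BODY = b"<html><title>Index of /pub +ADw-b+AD4-x+ADw-/b+AD4-</title></html>"

if __name__ == "__main__":
    print(assess("text/html", SAMPLE_BODY))
    print(assess("text/html; charset=ISO-8859-1", SAMPLE_BODY))
```
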

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2007-4465
HPSBUX02365
HPSBUX02431
HPSBUX02465
OPENSUSE-SU-2024:10623-1
RHSA-2007:0911
RHSA-2008:0004
RHSA-2008:0005
RHSA-2008:0006
RHSA-2008:0008
RHSA-2008:0261
RHSA-2008:0523
RHSA-2008:0524
RHSA-2008_0006
RHSA-2008_0008
RHSA-2010:0602

Affected Products

Apache Http Server
Red Hat