PT-2007-7093 · Apache · Apache HTTP Server

Published 2007-12-03 · Updated 2018-10-15 · CVE-2007-6203

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.0.x through 2.2.x

Description: The HTTP method taken from the request line is not sanitized when the server echoes it in the body of a "413 Request Entity Too Large" error response, so markup placed in the method name reaches the client unescaped and allows cross-site scripting (XSS) style attacks. Triggering the 413 response is straightforward: a request carrying an invalid Content-Length value is one example. Exploitation, however, requires a web client component that can send requests with an arbitrary method and arbitrary headers, which is why the vector rates access complexity as medium.

Recommendations: For Apache HTTP Server 2.0.x through 2.2.x, update to a release in which the method name is escaped before being written into the 413 error page; the available data does not name the fixed version. As a temporary workaround, restrict access to components that can send requests with arbitrary methods or headers on behalf of untrusted users, since that is the only exploitation path described. After updating, verify the fix by sending a request whose method name contains markup together with an invalid Content-Length and confirming that the 413 body escapes the method or that the server rejects the request outright.
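The following is an added example, not code from the advisory or from the Apache project. It shows the reflection the description refers to next to the escaping that fixes it, and a probe that sends a request with a markup-bearing method and an invalid Content-Length to see which behaviour a server exhibits. The 413 page template is a paraphrase of the Apache wording and the probe method string is constructed for this example; both are assumptions, not the server's exact output.

```python
"""
Added example: checking for unescaped reflection of the HTTP method in a
413 error page (the CVE-2007-6203 pattern) and the escaping that removes it.
Not Apache code; template text and probe values are constructed.
"""
import html
import socket

# Constructed probe: a method name carrying markup. If the server copies the
# method into the 413 body verbatim, this marker survives unescaped.
PROBE_METHOD = "<x-cve-2007-6203>"


def build_probe(method: str, host: str, path: str = "/") -> bytes:
    """Raw HTTP/1.1 request whose Content-Length is not a valid number.

    A non-numeric Content-Length is the trigger the advisory describes: the
    server cannot set up the request body and answers 413 before any handler
    runs, echoing the request method in the error page.
    """
    lines = [
        f"{method} {path} HTTP/1.1",
        f"Host: {host}",
        "Content-Length: not-a-number",  # invalid on purpose (constructed)
        "Connection: close",
        "",
        "",
    ]
    return "\r\n".join(lines).encode("latin-1")


# Paraphrase of the 413 page wording (assumption; not the exact Apache template).
_TEMPLATE = (
    "<html><head><title>413 Request Entity Too Large</title></head><body>\n"
    "<h1>Request Entity Too Large</h1>\n"
    "<p>The requested resource<br />{path}<br />\n"
    "does not allow request data with {method} requests, or the amount of data\n"
    "provided in the request exceeds the capacity limit.</p>\n"
    "</body></html>\n"
)


def render_413_vulnerable(method: str, path: str = "/") -> str:
    """Unpatched behaviour: method and path are copied into HTML as-is."""
    return _TEMPLATE.format(method=method, path=path)


def render_413_fixed(method: str, path: str = "/") -> str:
    """Patched behaviour: every request-derived value is HTML-escaped first."""
    return _TEMPLATE.format(method=html.escape(method, quote=True),
                            path=html.escape(path, quote=True))


def is_reflected_unescaped(body: str, method: str = PROBE_METHOD) -> bool:
    """True when the raw probe marker appears in the body, i.e. the method was
    reflected without escaping. A server that escapes it, or that rejects the
    odd method name with a 400, does not trip this check."""
    return method in body


def probe_server(host: str, port: int = 80, timeout: float = 5.0) -> dict:
    """Send the probe over a plain socket and classify the reply.

    Network call; not exercised by the offline test. Use only against hosts
    you are authorised to test.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_probe(PROBE_METHOD, host))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks).decode("latin-1", errors="replace")
    headers, _, body = raw.partition("\r\n\r\n")
    status_line = headers.split("\r\n", 1)[0]
    return {
        "status_line": status_line,
        "got_413": " 413 " in status_line,
        "method_reflected_unescaped": is_reflected_unescaped(body),
    }


if __name__ == "__main__":
    print("vulnerable page reflects marker:",
          is_reflected_unescaped(render_413_vulnerable(PROBE_METHOD)))
    print("fixed page reflects marker:",
          is_reflected_unescaped(render_413_fixed(PROBE_METHOD)))
```

A result of `got_413` true with `method_reflected_unescaped` true is the vulnerable pattern; `got_413` true with the marker escaped is the fixed pattern; a 400 response means the server's request-line parser refused the method name before any page was rendered, which also closes the reflection path.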

Exploit: XSS


Related Identifiers

CVE-2007-6203
HPSBUX02465
HPSBUX02612

Affected Products

Apache HTTP Server
HP-UX