CVE-2007-6203

Apache HTTP Server 2.0.x-2.2.x - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6203. PoCs published by Adrian Pastor.

AI-analyzed exploit summary: This script scans for Apache servers vulnerable to CVE-2007-6203 by sending a malformed HTTP request with duplicate Content-length headers and checking for a reflected response. It identifies hosts that echo back the injected string, indicating potential XSS vulnerability.

Description

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

Exploits (1)

exploitdb · Scanner · Verified
by Adrian Pastor · bash · remote · unix
https://www.exploit-db.com/exploits/30835

Classification: Scanner (90%)
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Apache 2.0.46 through 2.2.4
Authentication: none needed
Prerequisites: list of target hosts
Analyzed by devstral-2 on Feb 16, 2026.

References (31)

Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200803-19.xml
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26663
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12166
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34219
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=125631037611762&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27906
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1623/references
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0924/references
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3411
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4301
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-731-1
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=129190899612998&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29420
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4060
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33105
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019030
Various Sources vendor-advisory x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg24019245
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/484410/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29348
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28196
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30356
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29640
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38800
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1875/references
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30732

Scores

EPSS 0.8075
EPSS Percentile 99.6%

Details

CWE
CWE-79
Status published
Products (25)
apache/http_server 2.0.46
apache/http_server 2.0.47
apache/http_server 2.0.48
apache/http_server 2.0.49
apache/http_server 2.0.50
apache/http_server 2.0.51
apache/http_server 2.0.52
apache/http_server 2.0.53
apache/http_server 2.0.54
apache/http_server 2.0.55
... and 15 more
Published Dec 03, 2007
Tracked Since Feb 18, 2026