CVE-2007-6421

Apache HTTP Server 2.2.0-2.2.6 - Cross-Site Scripting via mod_proxy_balancer Parameters

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

References (37)

Core 37
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28749
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3523
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28526
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0924/references
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27236
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0008.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0009.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29420
Various Sources x_refsource_confirm
http://httpd.apache.org/security/vulnerabilities_22.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39474
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0048
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486169/100/0/threaded
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-575-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29640
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28977
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016

Scores

EPSS 0.0832
EPSS Percentile 94.3%

Details

CWE
CWE-79
Status published
Products (7)
apache/http_server
apache/http_server 2.2
apache/http_server 2.2.1
apache/http_server 2.2.2
apache/http_server 2.2.3
apache/http_server 2.2.4
apache/http_server 2.2.6
Published Jan 08, 2008
Tracked Since Feb 18, 2026