CVE-2007-6421

Apache HTTP Server <2.2.7 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

References (37)

[Vendor Advisory] http://docs.info.apple.com/article.html?artnum=307562

[Various Sources] http://httpd.apache.org/security/vulnerabilities_22.html

[Mailing List] http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

[Third Party Advisory] http://secunia.com/advisories/28526

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2008:016

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0008.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0009.html

[Vendor Advisory] http://www.ubuntu.com/usn/usn-575-1

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39474

[Mailing List] https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/486169/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27236

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651

... and 17 more

Scores

EPSS 0.0301

EPSS Percentile 86.5%

Classification

CWE

CWE-79

Status draft

Affected Products (7)

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

apache/http_server

Timeline

Published Jan 08, 2008

Tracked Since Feb 18, 2026