CVE-2007-6203 (retired)

Priority
Description
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method
specifier header from an HTTP request when it is reflected back in a "413
Request Entity Too Large" error message, which might allow cross-site
scripting (XSS) style attacks using web client components that can send
arbitrary headers in requests, as demonstrated via an HTTP request
containing an invalid Content-length value, a similar issue to
CVE-2006-3918.
Notes
 jdstrand> seems a very hard bug to exploit, if at all. See:
  http://www-1.ibm.com/support/docview.wss?uid=swg1PK57952
 mdeslaur> test available: http://www.securityfocus.com/archive/1/archive/1/484410/100/0/threaded
Assigned-to
mdeslaur

Updated: 2019-03-26 11:42:17 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)