CVE-2007-6203

Common Vulnerabilities and Exposures

Upstream information

CVE-2007-6203 at MITRE

Description

Apache HTTP Server 2.0.x and 2.2.x do not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-Length value. This is a similar issue to CVE-2006-3918.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entries: 345799, 346451, 355888

SUSE Security Advisories:

List of released packages

Product(s): Novell Linux Desktop 9 SDK for x86, Novell Linux Desktop 9 SDK for x86_64
Fixed package version(s):
  • apache2 >= 2.0.59-1.8
  • apache2-devel >= 2.0.59-1.8
  • apache2-prefork >= 2.0.59-1.8
  • apache2-worker >= 2.0.59-1.8
References: core9.s390, core9.x86, YOU Patch Nr: 12124

Product(s): Novell Linux Desktop 9 for x86, Novell Linux Desktop 9 for x86_64
Fixed package version(s):
  • libapr0 >= 2.0.59-1.8
References: core9.s390, core9.x86, YOU Patch Nr: 12124

Product(s): Open Enterprise Server
Fixed package version(s):
  • apache2 >= 2.0.59-1.8
  • apache2-devel >= 2.0.59-1.8
  • apache2-doc >= 2.0.59-1.8
  • apache2-example-pages >= 2.0.59-1.8
  • apache2-prefork >= 2.0.59-1.8
  • apache2-worker >= 2.0.59-1.8
  • libapr0 >= 2.0.59-1.8
References: core9.s390, core9.x86, YOU Patch Nr: 12124

Product(s): SUSE LINUX 10.1
Fixed package version(s):
  • apache2 >= 2.2.3-16.17.3
  • apache2-devel >= 2.2.3-16.17.3
  • apache2-doc >= 2.2.3-16.17.3
  • apache2-example-pages >= 2.2.3-16.17.3
  • apache2-prefork >= 2.2.3-16.17.3
  • apache2-worker >= 2.2.3-16.17.3

© 2014 Novell