CVE-2007-6421

LOW

Description

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

References

http://docs.info.apple.com/article.html?artnum=307562

http://httpd.apache.org/security/vulnerabilities_22.html

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

http://secunia.com/advisories/28526

http://secunia.com/advisories/28749

http://secunia.com/advisories/28977

http://secunia.com/advisories/29420

http://secunia.com/advisories/29640

http://securityreason.com/securityalert/3523

http://www.mandriva.com/security/advisories?name=MDVSA-2008:016

http://www.redhat.com/support/errata/RHSA-2008-0008.html

http://www.redhat.com/support/errata/RHSA-2008-0009.html

http://www.securityfocus.com/archive/1/486169/100/0/threaded

http://www.securityfocus.com/bid/27236

http://www.ubuntu.com/usn/usn-575-1

http://www.vupen.com/english/advisories/2008/0048

http://www.vupen.com/english/advisories/2008/0924/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/39474

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html

Details

Source: MITRE

Published: 2008-01-08

Updated: 2018-10-30

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW