CVE-2007-6421

low

Description

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

References

http://httpd.apache.org/security/vulnerabilities_22.html

http://www.redhat.com/support/errata/RHSA-2008-0008.html

http://www.securityfocus.com/bid/27236

http://www.mandriva.com/security/advisories?name=MDVSA-2008:016

http://secunia.com/advisories/28526

http://www.ubuntu.com/usn/usn-575-1

http://secunia.com/advisories/28749

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html

http://secunia.com/advisories/28977

http://docs.info.apple.com/article.html?artnum=307562

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://secunia.com/advisories/29420

http://securityreason.com/securityalert/3523

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

http://secunia.com/advisories/29640

http://www.redhat.com/support/errata/RHSA-2008-0009.html

http://www.vupen.com/english/advisories/2008/0048

http://www.vupen.com/english/advisories/2008/0924/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/39474

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664

http://www.securityfocus.com/archive/1/486169/100/0/threaded

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2008-01-08

Updated: 2021-06-06

Type: CWE-79

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW