Check Point Advisories

Preemptive Protection against Apache HTTP Server 413 Error Page Cross-Site Scripting Vulnerability

Check Point Reference: CPAI-2007-135
Date Published: 4 Dec 2007
Severity: Medium
Last Updated: Monday 01 January, 2007
Source: Secunia Advisory: SA27906
Industry Reference: CVE-2007-6203
Protection Provided by:
Who is Vulnerable?
Apache version 2.0.46 (Red Hat)
Apache version 2.0.51 (Fedora)
Apache version 2.0.55 (Ubuntu)
Apache version 2.0.59 (Unix)
Apache version 2.2.3 (FreeBSD)
Apache version 2.2.4 (Linux/SUSE)

Vulnerability Description
A cross-site scripting (XSS) vulnerability exists in Apache HTTP Server. Apache is a popular web server available for a wide variety of operating systems. Successful exploitation of this vulnerability could result in arbitrary scripting code execution by the user's browser in the context of an affected site.

Vulnerability Details
The vulnerability is due to an input validation error in Apache that fails to properly handle malformed HTTP requests when displaying "413 Request Entity Too Large" error messages. A remote attacker may inject arbitrary HTML or JavaScript into the response received from the server. Successful exploitation of this issue may allow the attacker to execute arbitrary scripting code on the vulnerable system.
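
As an added detection example (not part of the Check Point advisory), the script below scans Apache access-log lines for 413 responses whose request line contains HTML markup, including percent-encoded forms. The Common Log Format layout, the sample log lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed layout: Apache Common Log Format
#   host ident user [time] "request line" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*?)" (?P<status>\d{3}) (?P<size>\S+)'
)
MARKUP_RE = re.compile(r"[<>]")  # angle brackets have no place in a request line

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Dec/2007:10:00:01 +0000] "POST /upload HTTP/1.1" 413 339',
    '198.51.100.7 - - [04/Dec/2007:10:00:05 +0000] "<b>x</b> / HTTP/1.1" 413 352',
    '198.51.100.7 - - [04/Dec/2007:10:00:09 +0000] "POST /a?q=%253Ci%253E HTTP/1.1" 413 340',
    '192.0.2.22 - - [04/Dec/2007:10:00:12 +0000] "GET /s?q=%3Cb%3E HTTP/1.1" 200 5120',
]

def decode(text, rounds=2):
    """Percent-decode up to `rounds` times to catch double-encoded markup."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def suspicious_413(lines):
    """Return (line_no, host, raw_request) for 413 responses carrying markup."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m or m.group("status") != "413":
            continue  # only the 413 error page is in scope for this advisory
        if MARKUP_RE.search(decode(m.group("request"))):
            hits.append((line_no, m.group("host"), m.group("request")))
    return hits

if __name__ == "__main__":
    for line_no, host, request in suspicious_413(SAMPLE_LOG):
        print(f"line {line_no}: {host} sent markup in a 413 request: {request!r}")
```

An ordinary oversized upload (line 1) and markup on a non-413 response (line 4) are not reported; only 413 entries whose decoded request line contains angle brackets are.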

Protection Overview
