CVE-2007-6203
Novell Linux Desktop 9 SDK for x86,Novell Linux Desktop 9 SDK for x86_64,Novell Linux Desktop 9 for x86,Novell Linux Desktop 9 for x86_64,Open Enterprise Server,SUSE LINUX 10.1
CVE-2007-6203, security advisory, novell, suse linux, suse, security, cve

CVE-2007-6203

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2007-6203 at MITRE

Description

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

SUSE information

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entries: 345799 [RESOLVED / INVALID], 346451 [RESOLVED / FIXED], 355888 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
  • apache2 >= 2.0.59-1.8
  • apache2-devel >= 2.0.59-1.8
  • apache2-prefork >= 2.0.59-1.8
  • apache2-worker >= 2.0.59-1.8
core9.s390
core9.x86
YOU Patch Nr: 12124
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • libapr0 >= 2.0.59-1.8
core9.s390
core9.x86
YOU Patch Nr: 12124
Open Enterprise Server
  • apache2 >= 2.0.59-1.8
  • apache2-devel >= 2.0.59-1.8
  • apache2-doc >= 2.0.59-1.8
  • apache2-example-pages >= 2.0.59-1.8
  • apache2-prefork >= 2.0.59-1.8
  • apache2-worker >= 2.0.59-1.8
  • libapr0 >= 2.0.59-1.8
core9.s390
core9.x86
YOU Patch Nr: 12124
SUSE LINUX 10.1
  • apache2 >= 2.2.3-16.17.3
  • apache2-devel >= 2.2.3-16.17.3
  • apache2-doc >= 2.2.3-16.17.3
  • apache2-example-pages >= 2.2.3-16.17.3
  • apache2-prefork >= 2.2.3-16.17.3
  • apache2-worker >= 2.2.3-16.17.3