Upstream information
Description
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
SUSE information
Overall state of this security issue: Ignore
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4.3 |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
- SUSE-SA:2008:021, published Fri, 04 Apr 2008 16:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
Novell Linux Desktop 9 SDK for x86, Novell Linux Desktop 9 SDK for x86_64 | | core9.s390 core9.x86 YOU Patch Nr: 12124 |
Novell Linux Desktop 9 for x86, Novell Linux Desktop 9 for x86_64 | | core9.s390 core9.x86 YOU Patch Nr: 12124 |
Open Enterprise Server | | core9.s390 core9.x86 YOU Patch Nr: 12124 |
SUSE LINUX 10.1 |
|