CVE - CVE-2007-4465

CVE-ID
CVE-2007-4465	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability URL:http://www.securityfocus.com/archive/1/479237/100/0/threaded SREASONRES:20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability URL:http://securityreason.com/achievement_securityalert/46 CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.2.6 CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=186219 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm CONFIRM:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html APPLE:APPLE-SA-2008-05-28 URL:http://lists.apple.com/archives/security-announce/2008//May/msg00001.html FEDORA:FEDORA-2007-2214 URL:http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html FEDORA:FEDORA-2007-707 URL:https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html GENTOO:GLSA-200711-06 URL:http://security.gentoo.org/glsa/glsa-200711-06.xml HP:HPSBUX02365 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 HP:SSRT080118 URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 HP:HPSBUX02431 URL:http://marc.info/?l=bugtraq&m=124654546101607&w=2 HP:SSRT090085 URL:http://marc.info/?l=bugtraq&m=124654546101607&w=2 HP:HPSBUX02465 URL:http://marc.info/?l=bugtraq&m=125631037611762&w=2 HP:SSRT090192 URL:http://marc.info/?l=bugtraq&m=125631037611762&w=2 MANDRIVA:MDVSA-2008:014 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:014 REDHAT:RHSA-2007:0911 URL:http://www.redhat.com/support/errata/RHSA-2007-0911.html REDHAT:RHSA-2008:0004 URL:http://www.redhat.com/support/errata/RHSA-2008-0004.html REDHAT:RHSA-2008:0005 URL:http://www.redhat.com/support/errata/RHSA-2008-0005.html REDHAT:RHSA-2008:0006 URL:http://www.redhat.com/support/errata/RHSA-2008-0006.html REDHAT:RHSA-2008:0008 URL:http://www.redhat.com/support/errata/RHSA-2008-0008.html REDHAT:RHSA-2008:0261 URL:http://www.redhat.com/support/errata/RHSA-2008-0261.html SUSE:SUSE-SA:2007:061 URL:http://www.novell.com/linux/security/advisories/2007_61_apache2.html UBUNTU:USN-575-1 URL:http://www.ubuntu.com/usn/usn-575-1 CERT:TA08-150A URL:http://www.us-cert.gov/cas/techalerts/TA08-150A.html BID:25653 URL:http://www.securityfocus.com/bid/25653 OVAL:oval:org.mitre.oval:def:6089 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089 OVAL:oval:org.mitre.oval:def:10929 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929 SECUNIA:35650 URL:http://secunia.com/advisories/35650 VUPEN:ADV-2008-1697 URL:http://www.vupen.com/english/advisories/2008/1697 SECTRACK:1019194 URL:http://securitytracker.com/id?1019194 SECUNIA:26842 URL:http://secunia.com/advisories/26842 SECUNIA:26952 URL:http://secunia.com/advisories/26952 SECUNIA:27563 URL:http://secunia.com/advisories/27563 SECUNIA:27732 URL:http://secunia.com/advisories/27732 SECUNIA:28467 URL:http://secunia.com/advisories/28467 SECUNIA:28471 URL:http://secunia.com/advisories/28471 SECUNIA:28607 URL:http://secunia.com/advisories/28607 SECUNIA:28749 URL:http://secunia.com/advisories/28749 SECUNIA:30430 URL:http://secunia.com/advisories/30430 SECUNIA:31651 URL:http://secunia.com/advisories/31651 SECUNIA:33105 URL:http://secunia.com/advisories/33105 SREASON:3113 URL:http://securityreason.com/securityalert/3113 XF:apache-utf7-xss(36586) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/36586
Assigning CNA
N/A
Date Entry Created
20070821	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070821)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org