Vulnerability CVE-2007-6421: Information

Description

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

Severity: LOW (3.5)

Published: Jan. 8, 2008
Modified: Nov. 7, 2023
Error type identifier: CWE-79

References to Advisories, Solutions, and Tools

http://httpd.apache.org/security/vulnerabilities_22.html
RHSA-2008:0008
27236
MDVSA-2008:016
28526
USN-575-1
28749
FEDORA-2008-1695
FEDORA-2008-1711
28977
http://docs.info.apple.com/article.html?artnum=307562
APPLE-SA-2008-03-18
29420
3523
SUSE-SA:2008:021
29640
RHSA-2008:0009
ADV-2008-0048
ADV-2008-0924
apache-modproxybalancer-xss(39474)
oval:org.mitre.oval:def:8651
oval:org.mitre.oval:def:10664
20080110 SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/
[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210606 svn commit: r1075467 [2/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Configuration 1

cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*