CVE-2007-6421 Information

Description

Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.

Reference

http://docs.info.apple.com/article.html?artnum=307562
http://httpd.apache.org/security/vulnerabilities_22.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://secunia.com/advisories/28526
http://secunia.com/advisories/28749
http://secunia.com/advisories/28977
http://secunia.com/advisories/29420
http://secunia.com/advisories/29640
http://securityreason.com/securityalert/3523
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
http://www.redhat.com/support/errata/RHSA-2008-0008.html
http://www.redhat.com/support/errata/RHSA-2008-0009.html
http://www.securityfocus.com/archive/1/486169/100/0/threaded
http://www.securityfocus.com/bid/27236
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2008/0048
http://www.vupen.com/english/advisories/2008/0924/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/39474
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@3Ccvs.httpd.apache.org3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@3Ccvs.httpd.apache.org3E
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10664
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A8651
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html