Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-4465

Disclosure Date: September 14, 2007 •

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Vendors

apache

Products

http server

References

Canonical

CVE-2007-4465 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465)

BID-25653 (http://www.securityfocus.com/bid/25653)

Advisory

http://www.redhat.com/support/errata/RHSA-2008-0005.html

SREASON-3113 (http://securityreason.com/securityalert/3113)

SECUNIA-28749 (http://secunia.com/advisories/28749)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089

HPSBUX02465 (http://marc.info?l=bugtraq&m=125631037611762&w=2)

SECUNIA-26952 (http://secunia.com/advisories/26952)

SECUNIA-31651 (http://secunia.com/advisories/31651)

SSRT090085 (http://marc.info?l=bugtraq&m=124654546101607&w=2)

SECUNIA-27563 (http://secunia.com/advisories/27563)

SECUNIA-27732 (http://secunia.com/advisories/27732)

SECTRACK-1019194 (http://securitytracker.com/id?1019194)

http://www.redhat.com/support/errata/RHSA-2007-0911.html

http://www.redhat.com/support/errata/RHSA-2008-0006.html

20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability (http://www.securityfocus.com/archive/1/479237/100/0/threaded)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929

TA08-150A (http://www.us-cert.gov/cas/techalerts/TA08-150A.html)

http://www.novell.com/linux/security/advisories/2007_61_apache2.html

FEDORA-2007-2214 (http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html)

http://www.redhat.com/support/errata/RHSA-2008-0008.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:014

HPSBUX02365 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432)

SECUNIA-30430 (http://secunia.com/advisories/30430)

http://www.apache.org/dist/httpd/CHANGES_2.2.6

APPLE-SA-2008-05-28 (http://lists.apple.com/archives/security-announce/2008//May/msg00001.html)

http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm

SECUNIA-33105 (http://secunia.com/advisories/33105)

XF-apache-utf7-xss(36586) (https://exchange.xforce.ibmcloud.com/vulnerabilities/36586)

SECUNIA-28467 (http://secunia.com/advisories/28467)

http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html

http://www.redhat.com/support/errata/RHSA-2008-0004.html

SECUNIA-28607 (http://secunia.com/advisories/28607)

GLSA-200711-06 (http://security.gentoo.org/glsa/glsa-200711-06.xml)

FEDORA-2007-707 (https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html)

SECUNIA-28471 (http://secunia.com/advisories/28471)

ADV-2008-1697 (http://www.vupen.com/english/advisories/2008/1697)

http://www.redhat.com/support/errata/RHSA-2008-0261.html

USN-575-1 (http://www.ubuntu.com/usn/usn-575-1)

SECUNIA-26842 (http://secunia.com/advisories/26842)

SECUNIA-35650 (http://secunia.com/advisories/35650)

http://bugs.gentoo.org/show_bug.cgi?id=186219

Miscellaneous

20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability (http://securityreason.com/achievement_securityalert/46)

Rapid7

Technical Analysis