CVE-2007-4465 - Vulnerability Details

Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apache	Http Server
Redhat	Certificate System Enterprise Linux Network Proxy Network Satellite Rhel Application Stack

Configuration 1 [-]

OR	cpe:2.3:a:apache:http_server::::::::
	cpe:2.3:a:apache:http_server::::::::

Package	CPE	Advisory	Released Date
Red Hat Certificate System 7.3
ant-0:1.6.5-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
avalon-logkit-0:1.2-2jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
axis-0:1.2.1-1jpp_3rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-jaf-0:1.0-2jpp_6rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-mail-0:1.1.1-2jpp_8rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
geronimo-specs-0:1.0-0.M4.1jpp_10rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
jakarta-commons-modeler-0:2.0-3jpp_2rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
log4j-0:1.2.12-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
mx4j-1:3.0.1-1jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
pcsc-lite-0:1.3.3-3.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ca-0:7.3.0-20.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-java-tools-0:7.3.0-10.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-kra-0:7.3.0-14.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-manage-0:7.3.0-19.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-native-tools-0:7.3.0-6.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ocsp-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-tks-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
tomcat5-0:5.5.23-0jpp_4rh.16	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xerces-j2-0:2.7.1-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xml-commons-0:1.3.02-2jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
Red Hat Enterprise Linux 2.1
apache-0:1.3.27-14.ent	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2008:0004	2008-01-15T00:00:00Z
Red Hat Enterprise Linux 3
httpd-0:2.0.46-70.ent	cpe:/o:redhat:enterprise_linux:3	RHSA-2008:0005	2008-01-15T00:00:00Z
Red Hat Enterprise Linux 4
httpd-0:2.0.52-38.ent.2	cpe:/o:redhat:enterprise_linux:4	RHSA-2008:0006	2008-01-15T00:00:00Z
Red Hat Enterprise Linux 5
httpd-0:2.2.3-11.el5_1.3	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0008	2008-01-15T00:00:00Z
Red Hat Network Proxy v 4.2 (RHEL 3)
jabberd-0:2.0s10-3.37.rhn	cpe:/a:redhat:network_proxy:4.2::el3	RHSA-2008:0523	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel3	cpe:/a:redhat:network_proxy:4.2::el3	RHSA-2008:0523	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel3	cpe:/a:redhat:network_proxy:4.2::el3	RHSA-2008:0523	2008-06-30T00:00:00Z
Red Hat Network Proxy v 4.2 (RHEL 4)
jabberd-0:2.0s10-3.38.rhn	cpe:/a:redhat:network_proxy:4.2::el4	RHSA-2008:0523	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4	cpe:/a:redhat:network_proxy:4.2::el4	RHSA-2008:0523	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel4	cpe:/a:redhat:network_proxy:4.2::el4	RHSA-2008:0523	2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 4.2
jabberd-0:2.0s10-3.38.rhn	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
openmotif21-0:2.1.30-11.RHEL4.6	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 4.2 (RHEL3)
jabberd-0:2.0s10-3.37.rhn	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
openmotif21-0:2.1.30-9.RHEL3.8	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 5.0
jabberd-0:2.0s10-3.38.rhn	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
openmotif21-0:2.1.30-11.RHEL4.6	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modperl-0:1.29-16.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
Red Hat Web Application Stack for RHEL 4
httpd-0:2.0.59-1.el4s1.8	cpe:/a:redhat:rhel_application_stack:1	RHSA-2007:0911	2007-10-25T00:00:00Z

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=186219
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432
http://lists.apple.com/archives/security-announce/2008//May/msg00001.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://secunia.com/advisories/26842
http://secunia.com/advisories/26952
http://secunia.com/advisories/27563
http://secunia.com/advisories/27732
http://secunia.com/advisories/28467
http://secunia.com/advisories/28471
http://secunia.com/advisories/28607
http://secunia.com/advisories/28749
http://secunia.com/advisories/30430
http://secunia.com/advisories/31651
http://secunia.com/advisories/33105
http://secunia.com/advisories/35650
http://security.gentoo.org/glsa/glsa-200711-06.xml
http://securityreason.com/achievement_securityalert/46
http://securityreason.com/securityalert/3113
http://securitytracker.com/id?1019194
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
http://www.apache.org/dist/httpd/CHANGES_2.2.6
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
http://www.novell.com/linux/security/advisories/2007_61_apache2.html
http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html
http://www.redhat.com/support/errata/RHSA-2007-0911.html
http://www.redhat.com/support/errata/RHSA-2008-0004.html
http://www.redhat.com/support/errata/RHSA-2008-0005.html
http://www.redhat.com/support/errata/RHSA-2008-0006.html
http://www.redhat.com/support/errata/RHSA-2008-0008.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/479237/100/0/threaded
http://www.securityfocus.com/bid/25653
http://www.ubuntu.com/usn/usn-575-1
http://www.us-cert.gov/cas/techalerts/TA08-150A.html
http://www.vupen.com/english/advisories/2008/1697
https://exchange.xforce.ibmcloud.com/vulnerabilities/36586
https://nvd.nist.gov/vuln/detail/CVE-2007-4465
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089
https://www.cve.org/CVERecord?id=CVE-2007-4465
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html

History

Fri, 17 Jan 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-14T00:00:00

Updated: 2025-01-17T14:50:38.126Z

Reserved: 2007-08-21T00:00:00

Link: CVE-2007-4465

Vulnrichment

Updated: 2024-08-07T14:53:56.077Z

NVD

Status : Deferred

Published: 2007-09-14T00:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4465

Redhat

Severity : Low

Publid Date: 2007-09-13T00:00:00Z

Links: CVE-2007-4465 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2008:0005", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"}, {"name": "3113", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3113"}, {"name": "28749", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28749"}, {"name": "oval:org.mitre.oval:def:6089", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089"}, {"name": "HPSBUX02465", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "26952", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26952"}, {"name": "31651", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31651"}, {"name": "SSRT090085", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"name": "25653", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25653"}, {"name": "27563", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27563"}, {"name": "27732", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27732"}, {"name": "1019194", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1019194"}, {"name": "RHSA-2007:0911", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"}, {"name": "RHSA-2008:0006", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"}, {"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:10929", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929"}, {"name": "SSRT090192", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "TA08-150A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"name": "SUSE-SA:2007:061", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"}, {"name": "FEDORA-2007-2214", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"}, {"name": "RHSA-2008:0008", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"}, {"name": "MDVSA-2008:014", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"}, {"name": "HPSBUX02365", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"name": "30430", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30430"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6"}, {"name": "APPLE-SA-2008-05-28", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"}, {"name": "33105", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33105"}, {"name": "apache-utf7-xss(36586)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"}, {"name": "28467", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28467"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"}, {"name": "RHSA-2008:0004", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"}, {"name": "28607", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28607"}, {"name": "GLSA-200711-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"}, {"name": "HPSBUX02431", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"name": "FEDORA-2007-707", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"}, {"name": "28471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28471"}, {"name": "ADV-2008-1697", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": ["third-party-advisory", "x_refsource_SREASONRES"], "url": "http://securityreason.com/achievement_securityalert/46"}, {"name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "USN-575-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-575-1"}, {"name": "26842", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26842"}, {"name": "SSRT080118", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"name": "35650", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35650"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4465", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2008:0005", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"}, {"name": "3113", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3113"}, {"name": "28749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28749"}, {"name": "oval:org.mitre.oval:def:6089", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089"}, {"name": "HPSBUX02465", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "26952", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26952"}, {"name": "31651", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31651"}, {"name": "SSRT090085", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"name": "25653", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25653"}, {"name": "27563", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27563"}, {"name": "27732", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27732"}, {"name": "1019194", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019194"}, {"name": "RHSA-2007:0911", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"}, {"name": "RHSA-2008:0006", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"}, {"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:10929", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929"}, {"name": "SSRT090192", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "TA08-150A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"name": "SUSE-SA:2007:061", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"}, {"name": "FEDORA-2007-2214", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"}, {"name": "RHSA-2008:0008", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"}, {"name": "MDVSA-2008:014", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"}, {"name": "HPSBUX02365", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"name": "30430", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30430"}, {"name": "http://www.apache.org/dist/httpd/CHANGES_2.2.6", "refsource": "CONFIRM", "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6"}, {"name": "APPLE-SA-2008-05-28", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"}, {"name": "33105", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33105"}, {"name": "apache-utf7-xss(36586)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"}, {"name": "28467", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28467"}, {"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html", "refsource": "CONFIRM", "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"}, {"name": "RHSA-2008:0004", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"}, {"name": "28607", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28607"}, {"name": "GLSA-200711-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"}, {"name": "HPSBUX02431", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"name": "FEDORA-2007-707", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"}, {"name": "28471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28471"}, {"name": "ADV-2008-1697", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/46"}, {"name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "USN-575-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-575-1"}, {"name": "26842", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26842"}, {"name": "SSRT080118", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"name": "35650", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35650"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=186219", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:53:56.077Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2008:0005", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"}, {"name": "3113", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3113"}, {"name": "28749", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28749"}, {"name": "oval:org.mitre.oval:def:6089", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089"}, {"name": "HPSBUX02465", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "26952", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26952"}, {"name": "31651", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31651"}, {"name": "SSRT090085", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"name": "25653", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25653"}, {"name": "27563", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27563"}, {"name": "27732", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27732"}, {"name": "1019194", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1019194"}, {"name": "RHSA-2007:0911", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"}, {"name": "RHSA-2008:0006", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"}, {"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:10929", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929"}, {"name": "SSRT090192", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "TA08-150A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"name": "SUSE-SA:2007:061", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"}, {"name": "FEDORA-2007-2214", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"}, {"name": "RHSA-2008:0008", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"}, {"name": "MDVSA-2008:014", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"}, {"name": "HPSBUX02365", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"name": "30430", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30430"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6"}, {"name": "APPLE-SA-2008-05-28", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"}, {"name": "33105", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33105"}, {"name": "apache-utf7-xss(36586)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"}, {"name": "28467", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28467"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"}, {"name": "RHSA-2008:0004", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"}, {"name": "28607", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28607"}, {"name": "GLSA-200711-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"}, {"name": "HPSBUX02431", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"name": "FEDORA-2007-707", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"}, {"name": "28471", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28471"}, {"name": "ADV-2008-1697", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": ["third-party-advisory", "x_refsource_SREASONRES", "x_transferred"], "url": "http://securityreason.com/achievement_securityalert/46"}, {"name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "USN-575-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-575-1"}, {"name": "26842", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26842"}, {"name": "SSRT080118", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"name": "35650", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35650"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-01-05T17:42:37.598591Z", "id": "CVE-2007-4465", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-17T14:50:38.126Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4465", "datePublished": "2007-09-14T00:00:00", "dateReserved": "2007-08-21T00:00:00", "dateUpdated": "2025-01-17T14:50:38.126Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html", "name": "RHSA-2008:0005", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://securityreason.com/securityalert/3113", "name": "3113", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"]}, {"url": "http://secunia.com/advisories/28749", "name": "28749", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089", "name": "oval:org.mitre.oval:def:6089", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"]}, {"url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2", "name": "HPSBUX02465", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"]}, {"url": "http://secunia.com/advisories/26952", "name": "26952", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://secunia.com/advisories/31651", "name": "31651", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2", "name": "SSRT090085", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/25653", "name": "25653", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://secunia.com/advisories/27563", "name": "27563", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://secunia.com/advisories/27732", "name": "27732", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://securitytracker.com/id?1019194", "name": "1019194", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html", "name": "RHSA-2007:0911", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html", "name": "RHSA-2008:0006", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded", "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929", "name": "oval:org.mitre.oval:def:10929", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"]}, {"url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2", "name": "SSRT090192", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"]}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "name": "TA08-150A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"]}, {"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html", "name": "SUSE-SA:2007:061", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html", "name": "FEDORA-2007-2214", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html", "name": "RHSA-2008:0008", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014", "name": "MDVSA-2008:014", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"]}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432", "name": "HPSBUX02365", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"]}, {"url": "http://secunia.com/advisories/30430", "name": "30430", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html", "name": "APPLE-SA-2008-05-28", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"]}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://secunia.com/advisories/33105", "name": "33105", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586", "name": "apache-utf7-xss(36586)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"]}, {"url": "http://secunia.com/advisories/28467", "name": "28467", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html", "name": "RHSA-2008:0004", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://secunia.com/advisories/28607", "name": "28607", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml", "name": "GLSA-200711-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2", "name": "HPSBUX02431", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"]}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html", "name": "FEDORA-2007-707", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "http://secunia.com/advisories/28471", "name": "28471", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2008/1697", "name": "ADV-2008-1697", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "http://securityreason.com/achievement_securityalert/46", "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": ["third-party-advisory", "x_refsource_SREASONRES", "x_transferred"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/usn-575-1", "name": "USN-575-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://secunia.com/advisories/26842", "name": "26842", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432", "name": "SSRT080118", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"]}, {"url": "http://secunia.com/advisories/35650", "name": "35650", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:53:56.077Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2007-4465", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-01-05T17:42:37.598591Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-17T14:50:03.320Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-11T00:00:00", "references": [{"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html", "name": "RHSA-2008:0005", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://securityreason.com/securityalert/3113", "name": "3113", "tags": ["third-party-advisory", "x_refsource_SREASON"]}, {"url": "http://secunia.com/advisories/28749", "name": "28749", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089", "name": "oval:org.mitre.oval:def:6089", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"]}, {"url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2", "name": "HPSBUX02465", "tags": ["vendor-advisory", "x_refsource_HP"]}, {"url": "http://secunia.com/advisories/26952", "name": "26952", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://secunia.com/advisories/31651", "name": "31651", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2", "name": "SSRT090085", "tags": ["vendor-advisory", "x_refsource_HP"]}, {"url": "http://www.securityfocus.com/bid/25653", "name": "25653", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://secunia.com/advisories/27563", "name": "27563", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://secunia.com/advisories/27732", "name": "27732", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://securitytracker.com/id?1019194", "name": "1019194", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html", "name": "RHSA-2007:0911", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html", "name": "RHSA-2008:0006", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded", "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929", "name": "oval:org.mitre.oval:def:10929", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"]}, {"url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2", "name": "SSRT090192", "tags": ["vendor-advisory", "x_refsource_HP"]}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "name": "TA08-150A", "tags": ["third-party-advisory", "x_refsource_CERT"]}, {"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html", "name": "SUSE-SA:2007:061", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html", "name": "FEDORA-2007-2214", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html", "name": "RHSA-2008:0008", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014", "name": "MDVSA-2008:014", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"]}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432", "name": "HPSBUX02365", "tags": ["vendor-advisory", "x_refsource_HP"]}, {"url": "http://secunia.com/advisories/30430", "name": "30430", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html", "name": "APPLE-SA-2008-05-28", "tags": ["vendor-advisory", "x_refsource_APPLE"]}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://secunia.com/advisories/33105", "name": "33105", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586", "name": "apache-utf7-xss(36586)", "tags": ["vdb-entry", "x_refsource_XF"]}, {"url": "http://secunia.com/advisories/28467", "name": "28467", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html", "name": "RHSA-2008:0004", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://secunia.com/advisories/28607", "name": "28607", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml", "name": "GLSA-200711-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2", "name": "HPSBUX02431", "tags": ["vendor-advisory", "x_refsource_HP"]}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html", "name": "FEDORA-2007-707", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "http://secunia.com/advisories/28471", "name": "28471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://www.vupen.com/english/advisories/2008/1697", "name": "ADV-2008-1697", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "http://securityreason.com/achievement_securityalert/46", "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "tags": ["third-party-advisory", "x_refsource_SREASONRES"]}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.ubuntu.com/usn/usn-575-1", "name": "USN-575-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://secunia.com/advisories/26842", "name": "26842", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432", "name": "SSRT080118", "tags": ["vendor-advisory", "x_refsource_HP"]}, {"url": "http://secunia.com/advisories/35650", "name": "35650", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2018-10-15T20:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html", "name": "RHSA-2008:0005", "refsource": "REDHAT"}, {"url": "http://securityreason.com/securityalert/3113", "name": "3113", "refsource": "SREASON"}, {"url": "http://secunia.com/advisories/28749", "name": "28749", "refsource": "SECUNIA"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089", "name": "oval:org.mitre.oval:def:6089", "refsource": "OVAL"}, {"url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2", "name": "HPSBUX02465", "refsource": "HP"}, {"url": "http://secunia.com/advisories/26952", "name": "26952", "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31651", "name": "31651", "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2", "name": "SSRT090085", "refsource": "HP"}, {"url": "http://www.securityfocus.com/bid/25653", "name": "25653", "refsource": "BID"}, {"url": "http://secunia.com/advisories/27563", "name": "27563", "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/27732", "name": "27732", "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1019194", "name": "1019194", "refsource": "SECTRACK"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html", "name": "RHSA-2007:0911", "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html", "name": "RHSA-2008:0006", "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded", "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "refsource": "BUGTRAQ"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929", "name": "oval:org.mitre.oval:def:10929", "refsource": "OVAL"}, {"url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2", "name": "SSRT090192", "refsource": "HP"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "name": "TA08-150A", "refsource": "CERT"}, {"url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html", "name": "SUSE-SA:2007:061", "refsource": "SUSE"}, {"url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html", "name": "FEDORA-2007-2214", "refsource": "FEDORA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html", "name": "RHSA-2008:0008", "refsource": "REDHAT"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014", "name": "MDVSA-2008:014", "refsource": "MANDRIVA"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432", "name": "HPSBUX02365", "refsource": "HP"}, {"url": "http://secunia.com/advisories/30430", "name": "30430", "refsource": "SECUNIA"}, {"url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6", "name": "http://www.apache.org/dist/httpd/CHANGES_2.2.6", "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html", "name": "APPLE-SA-2008-05-28", "refsource": "APPLE"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm", "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/33105", "name": "33105", "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586", "name": "apache-utf7-xss(36586)", "refsource": "XF"}, {"url": "http://secunia.com/advisories/28467", "name": "28467", "refsource": "SECUNIA"}, {"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html", "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html", "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html", "name": "RHSA-2008:0004", "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/28607", "name": "28607", "refsource": "SECUNIA"}, {"url": "http://security.gentoo.org/glsa/glsa-200711-06.xml", "name": "GLSA-200711-06", "refsource": "GENTOO"}, {"url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2", "name": "HPSBUX02431", "refsource": "HP"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html", "name": "FEDORA-2007-707", "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/28471", "name": "28471", "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2008/1697", "name": "ADV-2008-1697", "refsource": "VUPEN"}, {"url": "http://securityreason.com/achievement_securityalert/46", "name": "20070912 Apache2 Undefined Charset UTF-7 XSS Vulnerability", "refsource": "SREASONRES"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html", "name": "RHSA-2008:0261", "refsource": "REDHAT"}, {"url": "http://www.ubuntu.com/usn/usn-575-1", "name": "USN-575-1", "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/26842", "name": "26842", "refsource": "SECUNIA"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432", "name": "SSRT080118", "refsource": "HP"}, {"url": "http://secunia.com/advisories/35650", "name": "35650", "refsource": "SECUNIA"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=186219", "name": "http://bugs.gentoo.org/show_bug.cgi?id=186219", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-4465", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2007-4465", "state": "PUBLISHED", "dateUpdated": "2025-01-17T14:50:38.126Z", "dateReserved": "2007-08-21T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2007-09-14T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C551481-3F93-4186-85B9-7B07D94B86D9", "versionEndExcluding": "2.0.61", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9EE889E-37B4-4DF6-8327-7D621E287F4F", "versionEndExcluding": "2.2.6", "versionStartIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mod_autoindex.c en el servidor HTTP Apache versiones anteriores a 2.2.6, cuando un juego de caracteres en una p\u00e1gina generada por el servidor no est\u00e1 definido, permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro P utilizando el juego de caracteres UTF-7.\r\nNOTA. Se podr\u00eda argumentar que este asunto se debe a una limitaci\u00f3n de dise\u00f1o de los navegadores que intentan realizar una detecci\u00f3n autom\u00e1tica de tipo de contenido."}], "id": "CVE-2007-4465", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2007-09-14T00:17:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/26842"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/26952"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27563"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27732"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28467"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28471"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28607"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28749"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/30430"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31651"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/33105"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35650"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://securityreason.com/achievement_securityalert/46"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://securityreason.com/securityalert/3113"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1019194"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/25653"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-575-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"source": "cve@mitre.org", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=186219"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/26842"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/26952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27563"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27732"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28467"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28749"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/30430"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31651"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/33105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200711-06.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://securityreason.com/achievement_securityalert/46"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://securityreason.com/securityalert/3113"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1019194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.novell.com/linux/security/advisories/2007_61_apache2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/archives/fedora-package-announce/2007-September/msg00320.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0911.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/479237/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/25653"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-575-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10929"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00353.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "The Apache security team believe that this issue is due to web browsers that are violating RFC2616. \n\nHowever, Apache 2.2.6 and 2.0.61 add a workaround for such browsers by adding Type and Charset options to IndexOptions directive. This allows a site administrator to explicitly set the content-type and charset of the generated directory index page.", "lastModified": "2007-09-14T00:00:00", "organization": "Apache"}, {"comment": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the "AddDefaultCharset" directive and are using directory indexes. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. \n\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4465\n\n", "lastModified": "2007-09-18T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "ant-0:1.6.5-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "avalon-logkit-0:1.2-2jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "axis-0:1.2.1-1jpp_3rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-jaf-0:1.0-2jpp_6rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-mail-0:1.1.1-2jpp_8rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "geronimo-specs-0:1.0-0.M4.1jpp_10rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "jakarta-commons-modeler-0:2.0-3jpp_2rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "log4j-0:1.2.12-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "mx4j-1:3.0.1-1jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "pcsc-lite-0:1.3.3-3.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ca-0:7.3.0-20.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-java-tools-0:7.3.0-10.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-kra-0:7.3.0-14.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-manage-0:7.3.0-19.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-native-tools-0:7.3.0-6.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ocsp-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-tks-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "tomcat5-0:5.5.23-0jpp_4rh.16", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xerces-j2-0:2.7.1-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xml-commons-0:1.3.02-2jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2008:0004", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "apache-0:1.3.27-14.ent", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2008-01-15T00:00:00Z"}, {"advisory": "RHSA-2008:0005", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "httpd-0:2.0.46-70.ent", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2008-01-15T00:00:00Z"}, {"advisory": "RHSA-2008:0006", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "httpd-0:2.0.52-38.ent.2", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2008-01-15T00:00:00Z"}, {"advisory": "RHSA-2008:0008", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "httpd-0:2.2.3-11.el5_1.3", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2008-01-15T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el3", "package": "jabberd-0:2.0s10-3.37.rhn", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el3", "package": "rhn-apache-0:1.3.27-36.rhn.rhel3", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el3", "package": "rhn-modperl-0:1.29-16.rhel3", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 4)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 4)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 4)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "openmotif21-0:2.1.30-11.RHEL4.6", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modjk-0:1.2.23-2rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "jabberd-0:2.0s10-3.37.rhn", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "openmotif21-0:2.1.30-9.RHEL3.8", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "perl-Crypt-CBC-0:2.24-1.el3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-apache-0:1.3.27-36.rhn.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modjk-0:1.2.23-2rhn.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modperl-0:1.29-16.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "openmotif21-0:2.1.30-11.RHEL4.6", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modjk-0:1.2.23-2rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2007:0911", "cpe": "cpe:/a:redhat:rhel_application_stack:1", "package": "httpd-0:2.0.59-1.el4s1.8", "product_name": "Red Hat Web Application Stack for RHEL 4", "release_date": "2007-10-25T00:00:00Z"}], "bugzilla": {"description": "mod_autoindex XSS", "id": "289511", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"}, "csaw": false, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection."], "name": "CVE-2007-4465", "public_date": "2007-09-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-4465\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-4465"], "statement": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.", "threat_severity": "Low"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object