Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
Metrics
Affected Vendors & Products
References
History
Fri, 17 Jan 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: mitre
Published: 2007-09-14T00:00:00
Updated: 2025-01-17T14:50:38.126Z
Reserved: 2007-08-21T00:00:00
Link: CVE-2007-4465

Updated: 2024-08-07T14:53:56.077Z

Status : Modified
Published: 2007-09-14T00:17:00.000
Modified: 2025-01-17T15:15:10.747
Link: CVE-2007-4465
