Details of VAR-200711-0538

ID

VAR-200711-0538

CVE

CVE-2007-6203

TITLE

Apache HTTP Server of 413 In the error message HTTP Problems not checking the method properly

Trust: 0.8

sources: JVNDB: JVNDB-2007-001017

DESCRIPTION

Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918. In order to use this problem to perform cross-site scripting attacks, the attacker is malicious to the user. HTTP It is reported as a prerequisite to have the method submitted. An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks. Apache 2.0.46 through 2.2.4 are vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200803-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Apache: Multiple vulnerabilities Date: March 11, 2008 Bugs: #201163, #204410, #205195, #209899 ID: 200803-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in Apache. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/apache < 2.2.8 >= 2.2.8 Description =========== Adrian Pastor and Amir Azam (ProCheckUp) reported that the HTTP Method specifier header is not properly sanitized when the HTTP return code is "413 Request Entity too large" (CVE-2007-6203). The mod_proxy_balancer module does not properly check the balancer name before using it (CVE-2007-6422). The mod_proxy_ftp does not define a charset in its answers (CVE-2008-0005). Stefano Di Paola (Minded Security) reported that filenames are not properly sanitized within the mod_negociation module (CVE-2008-0455, CVE-2008-0456). Workaround ========== There is no known workaround at this time. Resolution ========== All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.2.8" References ========== [ 1 ] CVE-2007-6203 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203 [ 2 ] CVE-2007-6422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6422 [ 3 ] CVE-2008-0005 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005 [ 4 ] CVE-2008-0455 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0455 [ 5 ] CVE-2008-0456 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200803-19.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. =========================================================== Ubuntu Security Notice USN-731-1 March 10, 2009 apache2 vulnerabilities CVE-2007-6203, CVE-2007-6420, CVE-2008-1678, CVE-2008-2168, CVE-2008-2364, CVE-2008-2939 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: apache2-common 2.0.55-4ubuntu2.4 apache2-mpm-perchild 2.0.55-4ubuntu2.4 apache2-mpm-prefork 2.0.55-4ubuntu2.4 apache2-mpm-worker 2.0.55-4ubuntu2.4 Ubuntu 7.10: apache2-mpm-event 2.2.4-3ubuntu0.2 apache2-mpm-perchild 2.2.4-3ubuntu0.2 apache2-mpm-prefork 2.2.4-3ubuntu0.2 apache2-mpm-worker 2.2.4-3ubuntu0.2 apache2.2-common 2.2.4-3ubuntu0.2 Ubuntu 8.04 LTS: apache2-mpm-event 2.2.8-1ubuntu0.4 apache2-mpm-perchild 2.2.8-1ubuntu0.4 apache2-mpm-prefork 2.2.8-1ubuntu0.4 apache2-mpm-worker 2.2.8-1ubuntu0.4 apache2.2-common 2.2.8-1ubuntu0.4 In general, a standard system upgrade is sufficient to effect the necessary changes. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2007-6203) It was discovered that Apache was vulnerable to a cross-site request forgery (CSRF) in the mod_proxy_balancer balancer manager. If an Apache administrator were tricked into clicking a link on a specially crafted web page, an attacker could trigger commands that could modify the balancer manager configuration. This issue only affected Ubuntu 7.10 and 8.04 LTS. (CVE-2007-6420) It was discovered that Apache had a memory leak when using mod_ssl with compression. A remote attacker could exploit this to exhaust server memory, leading to a denial of service. This issue only affected Ubuntu 7.10. (CVE-2008-1678) It was discovered that in certain conditions, Apache did not specify a default character set when returning certain error messages containing UTF-7 encoded data, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-2168) It was discovered that when configured as a proxy server, Apache did not limit the number of forwarded interim responses. A malicious remote server could send a large number of interim responses and cause a denial of service via memory exhaustion. (CVE-2008-2364) It was discovered that mod_proxy_ftp did not sanitize wildcard pathnames when they are returned in directory listings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2008-2939) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.diff.gz Size/MD5: 123478 7a5b444231dc27ee60c1bd63f42420c6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.dsc Size/MD5: 1156 4f9a0f31d136914cf7d6e1a92656a47b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz Size/MD5: 6092031 45e32c9432a8e3cf4227f5af91b03622 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.4_all.deb Size/MD5: 2124948 5153435633998e4190b54eb101afd271 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 833336 d5b9ecf82467eb04a94957321c4a95a2 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 228588 f4b9b82016eb22a60da83ae716fd028a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 223600 2cf77e3daaadcc4e07da5e19ecac2867 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 228216 60ff106ddefe9b68c055825bcd6ec52f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 171724 bae5e3d30111e97d34b25594993ad488 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 172508 77bdf00092378c89ae8be7f5139963e0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 94562 f3a168c57db1f5be11cfdba0bdc20062 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 36618 a7f34da28f7bae0cffb3fdb73da70143 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 286028 a5b380d9c6a651fe043ad2358ef61143 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_amd64.deb Size/MD5: 144590 9a4031c258cfa264fb8baf305bc0cea6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 786528 353ed1839a8201d0211ede114565e60d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 203256 7b0caa06fd47a28a8a92d1b69c0b4667 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 199114 6a77314579722ca085726e4220be4e9f http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 202654 ffad2838e3c8c79ecd7e21f79aa78216 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 171716 771492b2b238424e33e3e7853185c0ca http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 172498 b5f7a4ed03ebafa4c4ff75c05ebf53b7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 92520 787a673994d746b4ad3788c16516832a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 36620 4d5f0f18c3035f41cb8234af3cc1092c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 262082 d6a7111b9f2ed61e1aeb2f18f8713873 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_i386.deb Size/MD5: 132518 5a335222829c066cb9a0ddcaeee8a0da powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 859446 cf555341c1a8b4a39808b8a3bd76e03a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 220622 85b902b9eecf3d40577d9e1e8bf61467 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 216314 146e689e30c6e1681048f6cf1dd659e3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 220128 10f65b3961a164e070d2f18d610df67b http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 171726 9e341f225cb19d5c44f343cc68c0bba5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 172512 331dff8d3de7cd694d8e115417bed4f8 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 104284 7ab80f14cd9072d23389e27f934079f3 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 36620 713bfffcca8ec4e9531c635069f1cd0d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 281600 ad1671807965e2291b5568c7b4e95e14 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_powerpc.deb Size/MD5: 141744 6b04155aa1dbf6f657dbfa27d6086617 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 803706 f14be1535acf528f89d301c8ec092015 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 211028 28b74d86e10301276cadef208b460658 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 206566 6d6b2e1e3e0bbf8fc0a0bcca60a33339 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 210280 45690384f2e7e0a2168d7867283f9145 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 171732 6595a330344087593a9443b9cdf5e4ba http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 172498 f1ac3a442b21db9d2733e8221b218e25 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 93606 f229d1c258363d2d0dfb3688ec96638e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 36616 6f470e2e17dfc6d587fbe2bf861bfb06 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 268178 5a853d01127853405a677c53dc2bf254 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_sparc.deb Size/MD5: 130456 a0a51bb9405224948b88903779347427 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.diff.gz Size/MD5: 125080 c5c1b91f6918d42a75d23e95799b3707 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.dsc Size/MD5: 1333 b028e602b998a666681d1aa73b980c06 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz Size/MD5: 6365535 3add41e0b924d4bb53c2dee55a38c09e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.2_all.deb Size/MD5: 2211750 9dc3a7e0431fe603bbd82bf647d2d1f5 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb Size/MD5: 278670 985dd1538d0d2c6bb74c458eaada1cb7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.2_all.deb Size/MD5: 6702036 3cdb5e1a9d22d7172adfd066dd42d71a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2_all.deb Size/MD5: 42846 ba7b0cbf7f33ac3b6321c132bc2fec71 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 457286 b37825dc4bb0215284181aa5dfc9dd44 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 453094 380ea917048a64c2c9bc12d768ac2ffa http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 456804 b075ef4e563a55c7977af4d82d90e493 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 410658 6dff5030f33af340b2100e8591598d9d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 411244 9c79a2c0a2d4d8a88fae1b3f10d0e27c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 348256 ef1e159b64fe2524dc94b6ab9e22cefb http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb Size/MD5: 992256 0e9bac368bc57637079f839bcce8ebbc i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 440388 bdb2ced3ca782cda345fcfb109e8b02a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 436030 44d372ff590a6e42a83bcd1fb5e546fe http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 439732 5119be595fb6ac6f9dd94d01353da257 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 410656 01be0eca15fe252bbcab7562462af5ca http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 411250 10d8929e9d37050488f2906fde13b2fd http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 347322 d229c56720ae5f1f83645f66e1bfbdf1 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_i386.deb Size/MD5: 947460 3dc120127b16134b42e0124a1fdfa4ab lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 439896 8e856643ebeed84ffbeb6150f6e917c5 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 435524 ce18d9e09185526c93c6af6db7a6b5cf http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 439180 9622bf2dfee7941533faedd2e2d4ebbd http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 410674 684ad4367bc9250468351b5807dee424 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 411258 17f53e8d3898607ce155dc333237690c http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 347664 1197aa4145372ae6db497fb157cb0da1 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb Size/MD5: 939924 470a7163e2834781b2db0689750ce0f2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 458848 4efbbcc96f05a03301a13448f9cb3c01 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 454226 1fe4c7712fd4597ed37730a27df95113 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 458134 5786d901931cecd340cc1879e27bcef7 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 410676 9fc94d5b21a8b0f7f8aab9dc60339abf http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 411266 c44cde12a002910f9df02c10cdd26b0c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 367392 612ddcebee145f765163a0b30124393a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_powerpc.deb Size/MD5: 1094288 72fd7d87f4876648d1e14a5022c61b00 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 441650 28e5a2c2d18239c0810b6de3584af221 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 437796 3ee7408c58fbdf8de6bf681970c1c9ad http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 441114 b1b1bb871fe0385ea4418d533f0669aa http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 410676 cf7bed097f63e3c24337813621866498 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 411252 5a30177f7039f52783576e126cf042d0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 350468 ce216a4e9739966cd2aca4262ba0ea4e http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_sparc.deb Size/MD5: 959090 98ad8ee7328f25e1e81e110bbfce10c2 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.diff.gz Size/MD5: 132376 1a3c4e93f08a23c3a3323cb02f5963b6 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.dsc Size/MD5: 1379 ed1a1e5de71b0e35100f60b21f959db4 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz Size/MD5: 6125771 39a755eb0f584c279336387b321e3dfc Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.4_all.deb Size/MD5: 1928164 86b52d997fe3e4baf9712be0562eed2d http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb Size/MD5: 72176 1f4efe37abf317c3c42c4c0a79a4f232 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.4_all.deb Size/MD5: 6254152 fe271b0e4aa0cf80e99b866c23707b6a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4_all.deb Size/MD5: 45090 3f44651df13cfd495d7c33dda1c709ea amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 252272 3d27b0311303e7c5912538fb7d4fc37c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 247850 1ce7ff6190c21da119d98b7568f2e5d0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 251658 ac7bc78b449cf8d28d4c10478c6f1409 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 204658 66e95c370f2662082f3ec41e4a033877 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 205336 6b1e7e0ab97b7dd4470c153275f1109c http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 140940 cad14e08ab48ca8eb06480c0db686779 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_amd64.deb Size/MD5: 801764 3759103e3417d44bea8866399ba34a66 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 235194 dddbc62f458d9f1935087a072e1c6f67 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 230748 db0a1dc277de5886655ad7b1cc5b0f1a http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 234542 0e4997e9ed55d6086c439948cf1347ff http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 204672 1f58383838b3b9f066e855af9f4e47e0 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 205348 fa032fc136c5b26ccf364289a93a1cda http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 139904 b503316d420ccb7efae5082368b95e01 http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_i386.deb Size/MD5: 754788 140fddccc1a6d3dc743d37ab422438c2 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 234752 bc06d67259257109fe8fc17204bc9950 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 230424 9421376c8f6d64e5c87af4f484b8aacf http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 233908 179236460d7b7b71dff5e1d1ac9f0509 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 204664 764d773d28d032767d697eec6c6fd50a http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 205342 2891770939b51b1ca6b8ac8ca9142db1 http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 140478 4a062088427f1d8b731e06d64eb7e2ea http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_lpia.deb Size/MD5: 748672 b66dbda7126616894cf97eb93a959af9 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 253368 bad43203ed4615216bf28f6da7feb81b http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 248800 aa757fd46cd79543a020dcd3c6aa1b26 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 252904 682a940b7f3d14333037c80f7f01c793 http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 204678 30af6c826869b647bc60ed2d99cc30f7 http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 205376 cd02ca263703a6049a6fe7e11f72c98a http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 157662 df6cdceecb8ae9d25bbd614142da0151 http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_powerpc.deb Size/MD5: 904904 34581d1b3c448a5de72a06393557dd48 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 236418 2eda543f97646f966f5678e2f2a0ba90 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 232386 69e2419f27867b77d94a652a83478ad7 http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 235788 414a49286d9e8dd7b343bd9207dc727b http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 204668 f7d099cd9d3ebc0baccbdd896c94a88f http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 205352 0a5cb5dfd823b4e6708a9bcc633a90cd http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 143108 ad78ead4ac992aec97983704b1a3877f http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_sparc.deb Size/MD5: 763946 0d40a8ebecfef8c1a099f2170fcddb73 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01905287 Version: 1 HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Denial of Service (DoS) Cross-Site Scripting (XSS) Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2009-10-21 Last Updated: 2009-10-21 Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite. References: CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624, CVE-2008-5625, CVE-2008-5658. HP-UX B.11.23, B.11.31 running Apache-based Web Server versions before v2.2.8.05 HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions before v2.0.59.12 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2006-3918 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-4465 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2007-6203 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0005 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-0599 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-2168 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-2371 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-2665 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2666 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-2829 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-3659 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 CVE-2008-3660 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2008-5498 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-5557 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2008-5624 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5625 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2008-5658 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL http://software.hp.com Note: HP-UX Web Server Suite v3.06 contains HP-UX Apache-based Web Server v2.2.8.05 Note: HP-UX Web Server Suite v2.27 contains HP-UX Apache-based Web Server v2.0.59.12 Web Server Suite Version HP-UX Release Depot name Web Server v3.06 B.11.23 and B.11.31 PA-32 HPUX22SATW-1123-32.depot Web Server v3.06 B.11.23 and B.11.31 IA-64 HPUX22SATW-1123-64.depot Web Server v2.27 B.11.11 PA-32 HPUXSATW-1111-64-32.depot Web Server v2.27 B.11.23 PA-32 and IA-64 HPUXWSATW-1123-64-bit.depot Web Server v2.27 B.11.31 IA-32 and IA-64 HPUXSATW-1131-64.depot MANUAL ACTIONS: Yes - Update Install Apache-based Web Server from the Apache Web Server Suite v2.27 or subsequent or Install Apache-based Web Server from the Apache Web Server Suite v3.06 or subsequent PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS For Web Server Suite before v3.06 HP-UX B.11.23 ================== hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 action: install revision B.2.2.8.05 or subsequent HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 action: install revision B.2.2.8.05 or subsequent For Web Server Suite before v2.27 HP-UX B.11.11 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent HP-UX B.11.23 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent HP-UX B.11.31 ================== hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY action: install revision B.2.0.59.12 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) 21 October 2009 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEUEARECAAYFAkrguYgACgkQ4B86/C0qfVliOACWIZufVcaJyE/ap8OAmQqT87S7 hQCeKCPftsEV+4JPzQKz4B+EnYzQsJ0= =TAoy -----END PGP SIGNATURE-----

Trust: 2.34

sources: NVD: CVE-2007-6203 // JVNDB: JVNDB-2007-001017 // BID: 26663 // VULMON: CVE-2007-6203 // PACKETSTORM: 96536 // PACKETSTORM: 64520 // PACKETSTORM: 75604 // PACKETSTORM: 82164

AFFECTED PRODUCTS

vendor:	apache	model:	http server	scope:	eq	version:	2.1.3	Trust: 1.6
vendor:	apache	model:	http server	scope:	eq	version:	2.2.4	Trust: 1.6
vendor:	apache	model:	http server	scope:	eq	version:	2.0.58	Trust: 1.6
vendor:	apache	model:	http server	scope:	eq	version:	2.1.2	Trust: 1.6
vendor:	apache	model:	http server	scope:	eq	version:	2.1.1	Trust: 1.6
vendor:	apache	model:	http server	scope:	eq	version:	2.1.5	Trust: 1.6
vendor:	apache	model:	http server	scope:	eq	version:	2.2.2	Trust: 1.6
vendor:	apache	model:	http server	scope:	eq	version:	2.0.59	Trust: 1.6
vendor:	apache	model:	http server	scope:	eq	version:	2.2.3	Trust: 1.6
vendor:	apache	model:	http server	scope:	eq	version:	2.1.4	Trust: 1.6
vendor:	apache	model:	http server	scope:	eq	version:	2.0.52	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.0.53	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.0.46	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.2.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.0.47	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.0.50	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.0.51	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.1.6	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.1.7	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.0.48	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.0.54	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.0.55	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.0.57	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.0.49	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.1.8	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.0.62	Trust: 0.8
vendor:	apache	model:	http server	scope:	lte	version:	2.2.7	Trust: 0.8
vendor:	ibm	model:	http server	scope:	lt	version:	2.0.47.1	Trust: 0.8
vendor:	ibm	model:	http server	scope:	lt	version:	6.0.2.27	Trust: 0.8
vendor:	ibm	model:	http server	scope:	lt	version:	6.1.0.15	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	v10.5.2	Trust: 0.8
vendor:	apple	model:	mac os x server	scope:	eq	version:	v10.5.2	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3.0 (x86-64)	Trust: 0.8
vendor:	turbo linux	model:	turbolinux appliance server	scope:	eq	version:	2.0	Trust: 0.8
vendor:	turbo linux	model:	turbolinux fuji	scope:	-	version:	-	Trust: 0.8
vendor:	turbo linux	model:	turbolinux multimedia	scope:	-	version:	-	Trust: 0.8
vendor:	turbo linux	model:	turbolinux personal	scope:	-	version:	-	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	10	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	10 (x64)	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	11	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	11 (x64)	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.11	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.23	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.31	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server	scope:	eq	version:	enterprise version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server	scope:	eq	version:	standard version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus application server	scope:	eq	version:	version 5	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	light version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	professional version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	standard version 6	Trust: 0.8
vendor:	hitachi	model:	cosminexus developer	scope:	eq	version:	version 5	Trust: 0.8
vendor:	hitachi	model:	cosminexus server	scope:	eq	version:	enterprise edition	Trust: 0.8
vendor:	hitachi	model:	cosminexus server	scope:	eq	version:	standard edition	Trust: 0.8
vendor:	hitachi	model:	cosminexus server	scope:	eq	version:	standard edition version 4	Trust: 0.8
vendor:	hitachi	model:	cosminexus server	scope:	eq	version:	web edition	Trust: 0.8
vendor:	hitachi	model:	cosminexus server	scope:	eq	version:	web edition version 4	Trust: 0.8
vendor:	hitachi	model:	web server	scope:	-	version:	-	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	enterprise	Trust: 0.8
vendor:	hitachi	model:	ucosminexus application server	scope:	eq	version:	standard	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	light	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	professional	Trust: 0.8
vendor:	hitachi	model:	ucosminexus developer	scope:	eq	version:	standard	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service	scope:	eq	version:	architect	Trust: 0.8
vendor:	hitachi	model:	ucosminexus service	scope:	eq	version:	platform	Trust: 0.8
vendor:	fujitsu	model:	interstage application framework suite	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage application server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage apworks	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage business application server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage job workload server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage studio	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage web server	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	systemwalker resource coordinator	scope:	-	version:	-	Trust: 0.8
vendor:	fujitsu	model:	interstage job workload server	scope:	eq	version:	8.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	6.1.0	Trust: 0.3
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.23	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.58	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.54	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	6.0	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	11x64	Trust: 0.3
vendor:	s u s e	model:	linux	scope:	eq	version:	10.1x86-64	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.52	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	6.0.2.13	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	11	Trust: 0.3
vendor:	turbolinux	model:	personal	scope:	-	version:	-	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk 10.sp1	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	ne	version:	2.2.8	Trust: 0.3
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	9.0	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	8.04	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.59	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.49	Trust: 0.3
vendor:	s u s e	model:	novell linux desktop sdk	scope:	eq	version:	9.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	6.1.0.1	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	6.06	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.50	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition 6.0a	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	linux ppc	scope:	eq	version:	10.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	s u s e	model:	linux	scope:	eq	version:	10.1x86	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.8	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	6.06	Trust: 0.3
vendor:	turbolinux	model:	appliance server	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.4	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	8.04	Trust: 0.3
vendor:	ubuntu	model:	linux lpia	scope:	eq	version:	7.10	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	6.0.2.19	Trust: 0.3
vendor:	ibm	model:	hardware management console for pseries r1.3	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	9.1	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.51	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	turbolinux	model:	fuji	scope:	eq	version:	0	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	6.1.15	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.53	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ibm	model:	hardware management console for iseries r1.3	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.1	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.55	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.7	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	7.10	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	2.0.47.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	2.0.47	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	6.0	Trust: 0.3
vendor:	ubuntu	model:	linux lts lpia	scope:	eq	version:	8.04	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	s u s e	model:	novell linux pos	scope:	eq	version:	9	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.5	Trust: 0.3
vendor:	s u s e	model:	open-enterprise-server	scope:	eq	version:	0	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	9	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.11	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.3	Trust: 0.3
vendor:	s u s e	model:	novell linux desktop	scope:	eq	version:	9.0	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.48	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition a	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.2	Trust: 0.3
vendor:	hp	model:	hp-ux b.11.31	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.47	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	7.10	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.0.46	Trust: 0.3
vendor:	suse	model:	opensuse	scope:	eq	version:	10.3	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	6.0.2.12	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0.0x64	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.3	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.2.4	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	6.1.0.13	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	6.0.2.27	Trust: 0.3
vendor:	ibm	model:	http server	scope:	eq	version:	6.0.2.23	Trust: 0.3
vendor:	turbolinux	model:	multimedia	scope:	-	version:	-	Trust: 0.3
vendor:	apache	model:	software foundation apache	scope:	eq	version:	2.1.6	Trust: 0.3

sources: BID: 26663 // JVNDB: JVNDB-2007-001017 // CNNVD: CNNVD-200712-012 // NVD: CVE-2007-6203

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2007-6203
value:	MEDIUM
Trust: 1.8
CNNVD:	CNNVD-200712-012
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2007-6203
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-6203
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9

sources: VULMON: CVE-2007-6203 // JVNDB: JVNDB-2007-001017 // CNNVD: CNNVD-200712-012 // NVD: CVE-2007-6203

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2007-001017 // NVD: CVE-2007-6203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200712-012

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 82164 // CNNVD: CNNVD-200712-012

CONFIGURATIONS

sources: NVD: CVE-2007-6203

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2007-6203

PATCH

title:	httpd-2.3	url:	http://httpd.apache.org/dev/devnotes.html	Trust: 0.8
title:	600645	url:	http://svn.apache.org/viewvc?view=rev&revision=600645	Trust: 0.8
title:	Security Update 2008-002	url:	http://docs.info.apple.com/article.html?artnum=307562-en	Trust: 0.8
title:	Security Update 2008-002	url:	http://docs.info.apple.com/article.html?artnum=307562-ja	Trust: 0.8
title:	Changes with Apache 2.0.62	url:	http://www.apache.org/dist/httpd/changes_2.0.63	Trust: 0.8
title:	Changes with Apache 2.2.7	url:	http://www.apache.org/dist/httpd/changes_2.2.8	Trust: 0.8
title:	HS08-004	url:	http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs08-004/index.html	Trust: 0.8
title:	HPSBUX02612	url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?lang=en&cc=us&objectid=c02579879	Trust: 0.8
title:	HPSBUX02465	url:	http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c01905287	Trust: 0.8
title:	7008517	url:	http://www-1.ibm.com/support/docview.wss?rs=177&uid=swg27008517#61015	Trust: 0.8
title:	PK65782	url:	http://www-1.ibm.com/support/docview.wss?uid=swg1pk65782	Trust: 0.8
title:	PK57952	url:	http://www-1.ibm.com/support/docview.wss?uid=swg1pk57952	Trust: 0.8
title:	4019245	url:	http://www-1.ibm.com/support/docview.wss?uid=swg24019245	Trust: 0.8
title:	1266	url:	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1266	Trust: 0.8
title:	TLSA-2008-24	url:	http://www.turbolinux.co.jp/security/2008/tlsa-2008-24j.txt	Trust: 0.8
title:	HS08-004	url:	http://www.hitachi-support.com/security/vuls/hs08-004/index.html	Trust: 0.8
title:	interstage_as_200807	url:	http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200807.html	Trust: 0.8
title:	Ubuntu Security Notice: apache2 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-731-1	Trust: 0.1
title:	Debian CVElist Bug Report Logs: apache2: CVE-2007-4465	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=8a7503dd359ab44b424a9918eb8a6f66	Trust: 0.1
title:	-	url:	https://github.com/secureaxom/strike	Trust: 0.1

sources: VULMON: CVE-2007-6203 // JVNDB: JVNDB-2007-001017

EXTERNAL IDS

db:	NVD	id:	CVE-2007-6203	Trust: 3.2
db:	BID	id:	26663	Trust: 2.8
db:	SECUNIA	id:	27906	Trust: 2.5
db:	SECTRACK	id:	1019030	Trust: 2.5
db:	SECUNIA	id:	29348	Trust: 1.7
db:	SECUNIA	id:	33105	Trust: 1.7
db:	SECUNIA	id:	30356	Trust: 1.7
db:	SECUNIA	id:	29640	Trust: 1.7
db:	SECUNIA	id:	28196	Trust: 1.7
db:	SECUNIA	id:	30732	Trust: 1.7
db:	SECUNIA	id:	29420	Trust: 1.7
db:	SECUNIA	id:	34219	Trust: 1.7
db:	SREASON	id:	3411	Trust: 1.7
db:	VUPEN	id:	ADV-2007-4301	Trust: 1.7
db:	VUPEN	id:	ADV-2008-1875	Trust: 1.7
db:	VUPEN	id:	ADV-2008-0924	Trust: 1.7
db:	VUPEN	id:	ADV-2008-1623	Trust: 1.7
db:	VUPEN	id:	ADV-2007-4060	Trust: 1.7
db:	XF	id:	38800	Trust: 1.4
db:	USCERT	id:	TA08-079A	Trust: 0.8
db:	USCERT	id:	SA08-079A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2007-001017	Trust: 0.8
db:	GENTOO	id:	GLSA-200803-19	Trust: 0.6
db:	HP	id:	SSRT090192	Trust: 0.6
db:	SUSE	id:	SUSE-SA:2008:021	Trust: 0.6
db:	BUGTRAQ	id:	20071130 PR07-37: XSS ON APACHE HTTP SERVER 413 ERROR PAGES VIA MALFORMED HTTP METHOD	Trust: 0.6
db:	AIXAPAR	id:	PK65782	Trust: 0.6
db:	AIXAPAR	id:	PK57952	Trust: 0.6
db:	UBUNTU	id:	USN-731-1	Trust: 0.6
db:	XF	id:	413	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2008-03-18	Trust: 0.6
db:	CNNVD	id:	CNNVD-200712-012	Trust: 0.6
db:	EXPLOIT-DB	id:	30835	Trust: 0.1
db:	VULMON	id:	CVE-2007-6203	Trust: 0.1
db:	PACKETSTORM	id:	96536	Trust: 0.1
db:	PACKETSTORM	id:	64520	Trust: 0.1
db:	PACKETSTORM	id:	75604	Trust: 0.1
db:	PACKETSTORM	id:	82164	Trust: 0.1

sources: VULMON: CVE-2007-6203 // BID: 26663 // JVNDB: JVNDB-2007-001017 // PACKETSTORM: 96536 // PACKETSTORM: 64520 // PACKETSTORM: 75604 // PACKETSTORM: 82164 // CNNVD: CNNVD-200712-012 // NVD: CVE-2007-6203

REFERENCES

url:	http://www.securityfocus.com/bid/26663	Trust: 2.5
url:	http://www.securitytracker.com/id?1019030	Trust: 2.5
url:	http://marc.info/?l=bugtraq&m=125631037611762&w=2	Trust: 2.3
url:	http://www-1.ibm.com/support/docview.wss?uid=swg1pk57952	Trust: 2.0
url:	http://www-1.ibm.com/support/docview.wss?uid=swg24019245	Trust: 2.0
url:	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200807e.html	Trust: 2.0
url:	http://security.gentoo.org/glsa/glsa-200803-19.xml	Trust: 1.8
url:	http://procheckup.com/vulnerability_pr07-37.php	Trust: 1.7
url:	http://secunia.com/advisories/27906	Trust: 1.7
url:	http://secunia.com/advisories/28196	Trust: 1.7
url:	http://secunia.com/advisories/29348	Trust: 1.7
url:	http://docs.info.apple.com/article.html?artnum=307562	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2008/mar/msg00001.html	Trust: 1.7
url:	http://secunia.com/advisories/29420	Trust: 1.7
url:	http://securityreason.com/securityalert/3411	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html	Trust: 1.7
url:	http://secunia.com/advisories/29640	Trust: 1.7
url:	http://secunia.com/advisories/30356	Trust: 1.7
url:	http://secunia.com/advisories/30732	Trust: 1.7
url:	http://secunia.com/advisories/33105	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-731-1	Trust: 1.7
url:	http://secunia.com/advisories/34219	Trust: 1.7
url:	http://www.frsirt.com/english/advisories/2007/4060	Trust: 1.4
url:	http://xforce.iss.net/xforce/xfdb/38800	Trust: 1.4
url:	http://marc.info/?l=bugtraq&m=129190899612998&w=2	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/4301	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/4060	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2008/1623/references	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2008/0924/references	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2008/1875/references	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/38800	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12166	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/484410/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6203	Trust: 0.9
url:	http://jvn.jp/cert/jvnta08-079a/index.html	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-6203	Trust: 0.8
url:	http://secunia.com/advisories/27906/	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa08-079a.html	Trust: 0.8
url:	http://www.us-cert.gov/cas/techalerts/ta08-079a.html	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/484410/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2008/1875/references	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/4301	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2008/1623/references	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2008/0924/references	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2007-6203	Trust: 0.4
url:	http://httpd.apache.org/	Trust: 0.3
url:	http://issues.apache.org/bugzilla/show_bug.cgi?id=44014	Trust: 0.3
url:	http://www.apache.org/dist/httpd/changes_2.2.8	Trust: 0.3
url:	https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v61.readme.html#mh01110	Trust: 0.3
url:	/archive/1/484410	Trust: 0.3
url:	http://software.hp.com	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2006-3918	Trust: 0.2
url:	http://www.itrc.hp.com/service/cki/secbullarchive.do	Trust: 0.2
url:	http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc	Trust: 0.2
url:	https://www.hp.com/go/swa	Trust: 0.2
url:	http://h30046.www3.hp.com/subsignin.php	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-0005	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2364	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2939	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2168	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/30835/	Trust: 0.1
url:	https://usn.ubuntu.com/731-1/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-0023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2010-1452	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1956	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1890	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1195	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1955	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2009-1891	Trust: 0.1
url:	http://bugs.gentoo.org.	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6422	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0456	Trust: 0.1
url:	http://enigmail.mozdev.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-0456	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-0455	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0455	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-6422	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0005	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_sparc.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-1678	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.8-1ubuntu0.4_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.4_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.4-3ubuntu0.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.8-1ubuntu0.4_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4.orig.tar.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.diff.gz	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.8-1ubuntu0.4.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-src_2.2.4-3ubuntu0.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.4-3ubuntu0.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.4-3ubuntu0.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.2.4-3ubuntu0.2_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.4-3ubuntu0.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.4-3ubuntu0.2_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.8-1ubuntu0.4_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_amd64.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_sparc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.2.4-3ubuntu0.2.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.4-3ubuntu0.2_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.2.8-1ubuntu0.4_all.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-prefork_2.2.8-1ubuntu0.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-utils_2.2.8-1ubuntu0.4_lpia.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-6420	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.4_powerpc.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-prefork-dev_2.2.8-1ubuntu0.4_lpia.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2-mpm-worker_2.2.8-1ubuntu0.4_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.4-3ubuntu0.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.2.8-1ubuntu0.4_i386.deb	Trust: 0.1
url:	http://ports.ubuntu.com/pool/main/a/apache2/apache2.2-common_2.2.8-1ubuntu0.4_lpia.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.4_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.4_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-event_2.2.4-3ubuntu0.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.4_amd64.deb	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2371	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-3660	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-5498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-0599	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2829	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2665	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-5557	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-5624	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-3659	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-2666	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2008-3658	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2007-4465	Trust: 0.1

CREDITS

Amit Klein Amit.Klein@SanctumInc.com

Trust: 0.6

sources: CNNVD: CNNVD-200712-012

SOURCES

db:	VULMON	id:	CVE-2007-6203
db:	BID	id:	26663
db:	JVNDB	id:	JVNDB-2007-001017
db:	PACKETSTORM	id:	96536
db:	PACKETSTORM	id:	64520
db:	PACKETSTORM	id:	75604
db:	PACKETSTORM	id:	82164
db:	CNNVD	id:	CNNVD-200712-012
db:	NVD	id:	CVE-2007-6203

LAST UPDATE DATE

2024-05-17T20:27:22.641000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2007-6203	date:	2018-10-15T00:00:00
db:	BID	id:	26663	date:	2014-02-11T00:26:00
db:	JVNDB	id:	JVNDB-2007-001017	date:	2010-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200712-012	date:	2009-03-20T00:00:00
db:	NVD	id:	CVE-2007-6203	date:	2018-10-15T21:50:58.373

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2007-6203	date:	2007-12-03T00:00:00
db:	BID	id:	26663	date:	2007-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2007-001017	date:	2007-12-20T00:00:00
db:	PACKETSTORM	id:	96536	date:	2010-12-09T12:11:11
db:	PACKETSTORM	id:	64520	date:	2008-03-13T04:49:36
db:	PACKETSTORM	id:	75604	date:	2009-03-10T21:13:00
db:	PACKETSTORM	id:	82164	date:	2009-10-23T18:14:28
db:	CNNVD	id:	CNNVD-200712-012	date:	2007-11-30T00:00:00
db:	NVD	id:	CVE-2007-6203	date:	2007-12-03T22:46:00