CVE-2007-6421

NameCVE-2007-6421
DescriptionCross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
apache2 (PTS)jessie (security), jessie2.4.10-10+deb8u12fixed
stretch2.4.25-3+deb9u6fixed
stretch (security)2.4.25-3+deb9u4fixed
buster, sid2.4.37-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
apache2source(unstable)2.2.8-1low
apache2sourceetch2.2.3-4+etch4low
apache2sourcesarge(not affected)

Notes

[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)

Search for package or bug name: Reporting problems