Vulnerability details: VCID-crab-dc3m-aaam
Vulnerability ID VCID-crab-dc3m-aaam
Aliases CVE-2007-6421
Summary Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0008
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0009
epss 0.00467 https://api.first.org/data/v1/epss?cve=CVE-2007-6421
epss 0.00533 https://api.first.org/data/v1/epss?cve=CVE-2007-6421
epss 0.00697 https://api.first.org/data/v1/epss?cve=CVE-2007-6421
epss 0.01676 https://api.first.org/data/v1/epss?cve=CVE-2007-6421
epss 0.03015 https://api.first.org/data/v1/epss?cve=CVE-2007-6421
epss 0.0496 https://api.first.org/data/v1/epss?cve=CVE-2007-6421
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=427229
apache_httpd low https://httpd.apache.org/security/json/CVE-2007-6421.json
cvssv2 3.5 https://nvd.nist.gov/vuln/detail/CVE-2007-6421
Reference id Reference type URL
http://docs.info.apple.com/article.html?artnum=307562
http://httpd.apache.org/security/vulnerabilities_22.html
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6421.json
https://api.first.org/data/v1/epss?cve=CVE-2007-6421
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6421
http://secunia.com/advisories/28526
http://secunia.com/advisories/28749
http://secunia.com/advisories/28977
http://secunia.com/advisories/29420
http://secunia.com/advisories/29640
http://securityreason.com/securityalert/3523
https://exchange.xforce.ibmcloud.com/vulnerabilities/39474
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
http://www.redhat.com/support/errata/RHSA-2008-0008.html
http://www.redhat.com/support/errata/RHSA-2008-0009.html
http://www.securityfocus.com/archive/1/486169/100/0/threaded
http://www.securityfocus.com/bid/27236
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2008/0048
http://www.vupen.com/english/advisories/2008/0924/references
427229 https://bugzilla.redhat.com/show_bug.cgi?id=427229
cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
CVE-2007-6421 https://httpd.apache.org/security/json/CVE-2007-6421.json
CVE-2007-6421 https://nvd.nist.gov/vuln/detail/CVE-2007-6421
RHSA-2008:0008 https://access.redhat.com/errata/RHSA-2008:0008
RHSA-2008:0009 https://access.redhat.com/errata/RHSA-2008:0009
USN-575-1 https://usn.ubuntu.com/575-1/
No exploits are available.
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2007-6421
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) single
Confidentiality Impact (C) none
Integrity Impact (I) partial
Availability Impact (A) none
Exploit Prediction Scoring System (EPSS)
Percentile 0.76009
EPSS Score 0.00467
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.