Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-uv7q-n8wy-xqbm
Vulnerability ID VCID-uv7q-n8wy-xqbm
Aliases CVE-2007-6203
Summary Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
Status Published
Exploitability 2.0
Weighted Severity 0.7
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.73543 https://api.first.org/data/v1/epss?cve=CVE-2007-6203
epss 0.73543 https://api.first.org/data/v1/epss?cve=CVE-2007-6203
epss 0.73543 https://api.first.org/data/v1/epss?cve=CVE-2007-6203
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6203.json
https://api.first.org/data/v1/epss?cve=CVE-2007-6203
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203
409831 https://bugzilla.redhat.com/show_bug.cgi?id=409831
CVE-2007-6203;OSVDB-39003 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/30835.sh
CVE-2007-6203;OSVDB-39003 Exploit https://www.securityfocus.com/bid/26663/info
GLSA-200803-19 https://security.gentoo.org/glsa/200803-19
USN-731-1 https://usn.ubuntu.com/731-1/
Data source Exploit-DB
Date added Nov. 30, 2007
Description Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting
Ransomware campaign use Known
Source publication date Nov. 30, 2007
Exploit type remote
Platform unix
Source update date Jan. 10, 2014
Source URL https://www.securityfocus.com/bid/26663/info
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.98825
EPSS Score 0.73543
Published At June 7, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:27:42.029376+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0