NVD脆弱性詳細

CVE-2007-6421

概要	Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
公表日	2008年1月9日4:46
登録日	2021年1月29日14:25
最終更新日	2023年11月7日11:01

CVSS2.0 : LOW
スコア	3.5
ベクター	AV:N/AC:M/Au:S/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	単一
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:http_server:2.2:::::::*
cpe:2.3:a:apache:http_server:2.2.2:::::::*
cpe:2.3:a:apache:http_server:2.2.4:::::::*
cpe:2.3:a:apache:http_server:2.2.6:::::::*
cpe:2.3:a:apache:http_server:2.2.3:::::::*
cpe:2.3:a:apache:http_server:2.2.1:::::::*
cpe:2.3:a:apache:http_server:-:::::::*

関連情報、対策とツール

No	URL	refsource
1	http://httpd.apache.org/security/vulnerabilities_22.html	CONFIRM
2	http://www.redhat.com/support/errata/RHSA-2008-0008.html	REDHAT
3	http://www.securityfocus.com/bid/27236	BID
4	http://www.mandriva.com/security/advisories?name=MDVSA-2008:016	MANDRIVA
5	http://secunia.com/advisories/28526	SECUNIA
6	http://www.ubuntu.com/usn/usn-575-1	UBUNTU
7	http://secunia.com/advisories/28749	SECUNIA
8	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html	FEDORA
9	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html	FEDORA
10	http://secunia.com/advisories/28977	SECUNIA
11	http://docs.info.apple.com/article.html?artnum=307562	CONFIRM
12	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	APPLE
13	http://secunia.com/advisories/29420	SECUNIA
14	http://securityreason.com/securityalert/3523	SREASON
15	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html	SUSE
16	http://secunia.com/advisories/29640	SECUNIA
17	http://www.redhat.com/support/errata/RHSA-2008-0009.html	REDHAT
18	http://www.vupen.com/english/advisories/2008/0048	VUPEN
19	http://www.vupen.com/english/advisories/2008/0924/references	VUPEN
20	https://exchange.xforce.ibmcloud.com/vulnerabilities/39474	XF
21	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651	OVAL
22	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664	OVAL
23	http://www.securityfocus.com/archive/1/486169/100/0/threaded	BUGTRAQ
24	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
25	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
26	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
27	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
28	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
29	https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
30	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
31	https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
32	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
33	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
34	https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
35	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
36	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
37	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:http_server:2.2:::::::*
cpe:2.3:a:apache:http_server:2.2.2:::::::*
cpe:2.3:a:apache:http_server:2.2.4:::::::*
cpe:2.3:a:apache:http_server:2.2.6:::::::*
cpe:2.3:a:apache:http_server:2.2.3:::::::*
cpe:2.3:a:apache:http_server:2.2.1:::::::*
cpe:2.3:a:apache:http_server:-:::::::*