Unrated severityNVD Advisory· Published Jan 8, 2008· Updated Jun 16, 2026
CVE-2007-6421
CVE-2007-6421
Description
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
- (no CPE)range: 2.2.0 - 2.2.6
- osv-coords19 versionspkg:apk/chainguard/apache2pkg:apk/chainguard/apache2-compatpkg:apk/chainguard/apache2-configpkg:apk/chainguard/apache2-config-compatpkg:apk/chainguard/apache2-datapkg:apk/chainguard/apache2-devpkg:apk/chainguard/apache2-docpkg:apk/chainguard/apache2-oci-entrypointpkg:apk/chainguard/apache2-utilspkg:apk/wolfi/apache2pkg:apk/wolfi/apache2-compatpkg:apk/wolfi/apache2-configpkg:apk/wolfi/apache2-config-compatpkg:apk/wolfi/apache2-datapkg:apk/wolfi/apache2-devpkg:apk/wolfi/apache2-docpkg:apk/wolfi/apache2-oci-entrypointpkg:apk/wolfi/apache2-utilspkg:rpm/opensuse/apache2&distro=openSUSE%20Tumbleweed
< 0+ 18 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 2.4.49-1.1
Patches
Vulnerability mechanics
References
37- docs.info.apple.com/article.htmlnvd
- httpd.apache.org/security/vulnerabilities_22.htmlnvd
- lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.htmlnvd
- secunia.com/advisories/28526nvd
- secunia.com/advisories/28749nvd
- secunia.com/advisories/28977nvd
- secunia.com/advisories/29420nvd
- secunia.com/advisories/29640nvd
- securityreason.com/securityalert/3523nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2008-0008.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0009.htmlnvd
- www.securityfocus.com/archive/1/486169/100/0/threadednvd
- www.securityfocus.com/bid/27236nvd
- www.ubuntu.com/usn/usn-575-1nvd
- www.vupen.com/english/advisories/2008/0048nvd
- www.vupen.com/english/advisories/2008/0924/referencesnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/39474nvd
- lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Envd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10664nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8651nvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.htmlnvd
News mentions
0No linked articles in our index yet.