CVE-2008-0005 — Cross-site Scripting in Apache Http Server

CWE-79 — Cross-site Scripting9 documents9 sources

Severity

4.3MEDIUMNVD

EPSS

2.6%

top 14.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Canonical Ubuntu Linux Fedoraproject Fedora

Timeline

PublishedJan 12

Latest updateMay 1

Description

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server2.0.35 — 2.0.63+1

Also affects: Fedora 7, 8, Ubuntu Linux 6.06, 6.10, 7.04, 7.10

🔴Vulnerability Details

GHSA

GHSA-m62c-mf8p-77p9: mod_proxy_ftp in Apache 2↗2022-05-01

▶

CVEList

CVE-2008-0005: mod_proxy_ftp in Apache 2↗2008-01-12

▶

OSV

CVE-2008-0005: mod_proxy_ftp in Apache 2↗2008-01-12

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2008-02-04

▶

Red Hat

mod_proxy_ftp XSS↗2008-01-02

▶

Debian

CVE-2008-0005: apache2 - mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3...↗2008

▶

Apache

Apache httpd: CVE-2008-0005↗

▶

💬Community

Bugzilla

CVE-2008-0005 mod_proxy_ftp XSS↗2008-01-07

▶