CVE-2008-2939 — Cross-site Scripting in Apache Http Server

CWE-79 — Cross-site Scripting8 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

64.6%

top 1.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Apple MAC OS X Canonical Ubuntu Linux +1 more

Timeline

PublishedAug 6

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDapache/http_server2.2.0 — 2.2.9+1

▶NVDapple/mac_os_x10.5.6

▶NVDopensuse/opensuse10.2, 10.3, 11.0+2

Also affects: Ubuntu Linux 6.06, 7.10, 8.04

🔴Vulnerability Details

GHSA

GHSA-26m2-7wh6-pcq6: Cross-site scripting (XSS) vulnerability in proxy_ftp↗2022-05-01

▶

OSV

CVE-2008-2939: Cross-site scripting (XSS) vulnerability in proxy_ftp↗2008-08-06

▶

CVEList

CVE-2008-2939: Cross-site scripting (XSS) vulnerability in proxy_ftp↗2008-08-06

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2009-03-10

▶

Red Hat

httpd: mod_proxy_ftp globbing XSS↗2008-08-05

▶

Debian

CVE-2008-2939: apache2 - Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp mod...↗2008

▶

💬Community

Bugzilla

CVE-2008-2939 httpd: mod_proxy_ftp globbing XSS↗2008-08-07

▶