4.3

CVE-2008-0005

Exploit
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.0.35 < 2.0.63
ApacheHTTP Server Version >= 2.2.0 < 2.2.8
FedoraprojectFedora Version7
FedoraprojectFedora Version8
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.61% 0.962
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://docs.info.apple.com/article.html?artnum=307562
Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Broken Link
Mailing List
http://www.vupen.com/english/advisories/2008/0924/references
Permissions Required
http://secunia.com/advisories/29420
Not Applicable
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=125631037611762&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://secunia.com/advisories/28749
Not Applicable
http://secunia.com/advisories/29640
Not Applicable
http://www.ubuntu.com/usn/usn-575-1
Third Party Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
Third Party Advisory
Mailing List
http://www.securityfocus.com/archive/1/505990/100/0/threaded
Third Party Advisory
VDB Entry
http://secunia.com/advisories/28467
Not Applicable
http://www.redhat.com/support/errata/RHSA-2008-0005.html
Third Party Advisory
http://marc.info/?l=bugtraq&m=124654546101607&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://secunia.com/advisories/28471
Not Applicable
http://secunia.com/advisories/28607
Not Applicable
http://secunia.com/advisories/35650
Not Applicable
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0004.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0006.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0008.html
Third Party Advisory
http://secunia.com/advisories/29348
Not Applicable
http://secunia.com/advisories/30732
Not Applicable
http://security.gentoo.org/glsa/glsa-200803-19.xml
Third Party Advisory
http://www.vupen.com/english/advisories/2008/1875/references
Permissions Required
http://secunia.com/advisories/28526
Not Applicable
http://secunia.com/advisories/28977
Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0007.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0009.html
Third Party Advisory
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
Third Party Advisory
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html
Third Party Advisory
Mailing List
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
http://securityreason.com/achievement_securityalert/49
Third Party Advisory
Exploit
http://securityreason.com/securityalert/3526
Third Party Advisory
Exploit
http://www.securityfocus.com/archive/1/486167/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/27234
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1019185
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/39615
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10812
Third Party Advisory