4.3

CVE-2008-2939

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

Data is provided by the National Vulnerability Database (NVD)
Apache HTTP Server Version <= 2.0.63
Apache HTTP Server Version >= 2.2.0 <= 2.2.9
Apple macOS X Version <= 10.5.6
Canonical Ubuntu Linux Version 6.06 SwEdition lts
Canonical Ubuntu Linux Version 7.10
Canonical Ubuntu Linux Version 8.04 SwEdition lts
Opensuse Opensuse Version 10.2
Opensuse Opensuse Version 10.3
Opensuse Opensuse Version 11.0
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 67.24% 0.985
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9 AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Third Party Advisory
US Government Resource
http://www.ubuntu.com/usn/USN-731-1
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/663763
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/30560
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020635
Third Party Advisory
VDB Entry