6.1
CVE-2026-29170
- EPSS 0.5%
- Veröffentlicht 08.06.2026 15:10:09
- Zuletzt bearbeitet 09.06.2026 16:21:31
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache HTTP Server: mod_proxy_ftp XSS
A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version < 2.4.68
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.39 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2026/06/08/5