CVE-2008-0005
MEDIUM severity · CVSS 4.3 · Cross-site scripting (XSS)
Summary
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
Impact & exploitability
Attack vector: Network
Attack complexity: —
Privileges required: —
User interaction: —
Confidentiality impact: None
Integrity impact: —
Availability impact: None
Exploit probability (EPSS): 15%
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://docs.info.apple.com/article.html?artnum=307562
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html (Advisory)
- http://lists.vmware.com/pipermail/security-announce/2009/000062.html (Advisory)
- http://marc.info/?l=bugtraq&m=124654546101607&w=2 (Advisory)
- http://marc.info/?l=bugtraq&m=125631037611762&w=2 (Advisory)
- http://marc.info/?l=bugtraq&m=130497311408250&w=2 (Advisory)
- http://secunia.com/advisories/28467