CVE-2008-2939

MEDIUM severity · CVSS 4.3 · Cross-site scripting (XSS)

4.3CVSS MEDIUM

Summary

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

Impact & exploitability

Attack vectorNetwork

Attack complexity—

Privileges required—

User interaction—

Confidentiality impactNone

Integrity impact—

Availability impactNone

Exploit probability (EPSS)65%

AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected products we track (2)

Apache HTTP Server Ubuntu

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.htmlAdvisory
http://marc.info/?l=bugtraq&m=123376588623823&w=2Advisory
http://marc.info/?l=bugtraq&m=125631037611762&w=2Advisory
http://rhn.redhat.com/errata/RHSA-2008-0967.htmlAdvisory
http://secunia.com/advisories/31384
http://secunia.com/advisories/31673
http://secunia.com/advisories/32685