Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2008-2939

Опубликовано: 05 авг. 2008
Источник: redhat

Описание

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Directory Server 8httpdWill not fix
Red Hat Certificate System 7.3antFixedRHSA-2010:060204.08.2010
Red Hat Certificate System 7.3avalon-logkitFixedRHSA-2010:060204.08.2010
Red Hat Certificate System 7.3axisFixedRHSA-2010:060204.08.2010
Red Hat Certificate System 7.3classpathx-jafFixedRHSA-2010:060204.08.2010
Red Hat Certificate System 7.3classpathx-mailFixedRHSA-2010:060204.08.2010
Red Hat Certificate System 7.3geronimo-specsFixedRHSA-2010:060204.08.2010
Red Hat Certificate System 7.3jakarta-commons-modelerFixedRHSA-2010:060204.08.2010
Red Hat Certificate System 7.3log4jFixedRHSA-2010:060204.08.2010
Red Hat Certificate System 7.3mx4jFixedRHSA-2010:060204.08.2010

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=458250httpd: mod_proxy_ftp globbing XSS

Связанные уязвимости

ubuntu логотип

CVE-2008-2939

ubuntu
почти 17 лет назад

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

nvd логотип

CVE-2008-2939

nvd
почти 17 лет назад

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

debian логотип

CVE-2008-2939

debian
почти 17 лет назад

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_pro ...

github логотип

GHSA-26m2-7wh6-pcq6

github
около 3 лет назад

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

oracle-oval логотип

ELSA-2008-0967

oracle-oval
больше 16 лет назад

ELSA-2008-0967: httpd security and bug fix update (MODERATE)