Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-0005
Last Modified: 06 Sep 2011 10:41:45
Published: 11 Jan 2008 07:46:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-0005

Summary

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

Vulnerable Systems

Application

  • Apache Http Server 1.3

  • Apache Http Server 2.0


References

FEDORA - FEDORA-2008-1695

FEDORA - FEDORA-2008-1711

XF - apache-modproxyftp-utf7-xss(39615)

VUPEN - ADV-2008-1875

VUPEN - ADV-2008-0924

UBUNTU - USN-575-1

SECTRACK - 1019185

BID - 27234

BUGTRAQ - 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

BUGTRAQ - 20080110 SecurityReason - Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability

REDHAT - RHSA-2008:0009

REDHAT - RHSA-2008:0008

REDHAT - RHSA-2008:0007

REDHAT - RHSA-2008:0006

REDHAT - RHSA-2008:0005

REDHAT - RHSA-2008:0004

MANDRIVA - MDVSA-2008:016

MANDRIVA - MDVSA-2008:015

MANDRIVA - MDVSA-2008:014

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm

SREASON - 3526

SREASONRES - 20080110 Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability

GENTOO - GLSA-200803-19

SECUNIA - 35650

SECUNIA - 30732

SECUNIA - 29640

SECUNIA - 29420

SECUNIA - 29348

SECUNIA - 28977

SECUNIA - 28749

SECUNIA - 28607

SECUNIA - 28526

SECUNIA - 28471

SECUNIA - 28467

HP - SSRT090208

HP - HPSBOV02683

HP - HPSBUX02465

HP - HPSBUX02431

MLIST - [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server

SUSE - SUSE-SA:2008:021

APPLE - APPLE-SA-2008-03-18

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

HP - SSRT090192

HP - SSRT090085

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)


Last Updated: 27 May 2016 10:47:27