Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2008-2939
Last Modified 06 Jul 2011 12:00:00
Published 06 Aug 2008 02:41:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2939

Summary

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

Vulnerable Systems

Application

  • Apache Http Server 2.0

  • Apache Http Server 2.0.28

  • Apache Http Server 2.0.32

  • Apache Http Server 2.0.34

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.45

  • Apache Http Server 2.0.46

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.48

  • Apache Http Server 2.0.49

  • Apache Http Server 2.0.50

  • Apache Http Server 2.0.51

  • Apache Http Server 2.0.52

  • Apache Http Server 2.0.53

  • Apache Http Server 2.0.54

  • Apache Http Server 2.0.55

  • Apache Http Server 2.0.56

  • Apache Http Server 2.0.57

  • Apache Http Server 2.0.58

  • Apache Http Server 2.0.59

  • Apache Http Server 2.0.60

  • Apache Http Server 2.0.61

  • Apache Http Server 2.0.63

  • Apache Http Server 2.0.9

  • Apache Http Server 2.1

  • Apache Http Server 2.1.1

  • Apache Http Server 2.1.2

  • Apache Http Server 2.1.3

  • Apache Http Server 2.1.4

  • Apache Http Server 2.1.5

  • Apache Http Server 2.1.6

  • Apache Http Server 2.1.7

  • Apache Http Server 2.1.8

  • Apache Http Server 2.1.9

  • Apache Http Server 2.2

  • Apache Http Server 2.2.0

  • Apache Http Server 2.2.1

  • Apache Http Server 2.2.10

  • Apache Http Server 2.2.11

  • Apache Http Server 2.2.12

  • Apache Http Server 2.2.13

  • Apache Http Server 2.2.14

  • Apache Http Server 2.2.15

  • Apache Http Server 2.2.16

  • Apache Http Server 2.2.2

  • Apache Http Server 2.2.3

  • Apache Http Server 2.2.4

  • Apache Http Server 2.2.6

  • Apache Http Server 2.2.8

  • Apache Http Server 2.2.9


References

CERT - TA09-133A

CERT-VN - VU#663763

XF - apache-modproxyftp-xss(44223)

VUPEN - ADV-2009-1297

VUPEN - ADV-2009-0320

VUPEN - ADV-2008-2461

VUPEN - ADV-2008-2315

UBUNTU - USN-731-1

SECTRACK - 1020635

BID - 30560

BUGTRAQ - 20081122 rPSA-2008-0328-1 httpd mod_ssl

BUGTRAQ - 20081122 rPSA-2008-0327-1 httpd mod_ssl

BUGTRAQ - 20080806 Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting

REDHAT - RHSA-2008:0966

MISC - http://www.rapid7.com/advisories/R7-0033

MANDRIVA - MDVSA-2009:124

MANDRIVA - MDVSA-2008:195

MANDRIVA - MDVSA-2008:194

AIXAPAR - PK70937

AIXAPAR - PK70197

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0327

CONFIRM - http://svn.apache.org/viewvc?view=rev&revision=682871

CONFIRM - http://svn.apache.org/viewvc?view=rev&revision=682870

CONFIRM - http://svn.apache.org/viewvc?view=rev&revision=682868

CONFIRM - http://support.apple.com/kb/HT3549

SUNALERT - 247666

SECUNIA - 35074

SECUNIA - 34219

SECUNIA - 33797

SECUNIA - 33156

SECUNIA - 32838

SECUNIA - 32685

SECUNIA - 31673

SECUNIA - 31384

REDHAT - RHSA-2008:0967

HP - SSRT090192

HP - HPSBUX02401

SUSE - SUSE-SR:2008:024

APPLE - APPLE-SA-2009-05-12

HP - HPSBUX02465

HP - SSRT090005

Related Patches

Apple 2009-05-12 Security Update 2009-002 Server (Tiger PPC)

Apple 2009-05-12 Security Update 2009-002 (Tiger PPC)

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Security Update 2009-002 (Tiger Intel)

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update


Last Updated: 27 May 2016 10:47:28