Back to search
CVE-2008-2939
Published: Aug 6, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://svn.apache.org/viewvc?view=rev&revision=682868
x_refsource_CONFIRM
34219
third-party-advisory
x_refsource_SECUNIA
HPSBUX02465
vendor-advisory
x_refsource_HP
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM
SUSE-SR:2008:024
vendor-advisory
x_refsource_SUSE
247666
vendor-advisory
x_refsource_SUNALERT
32838
third-party-advisory
x_refsource_SECUNIA
20081122 rPSA-2008-0328-1 httpd mod_ssl
mailing-list
x_refsource_BUGTRAQ
http://www.rapid7.com/advisories/R7-0033
x_refsource_MISC
35074
third-party-advisory
x_refsource_SECUNIA
RHSA-2008:0967
vendor-advisory
x_refsource_REDHAT
SSRT090192
vendor-advisory
x_refsource_HP
30560
vdb-entry
x_refsource_BID
32685
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2009-05-12
vendor-advisory
x_refsource_APPLE
USN-731-1
vendor-advisory
x_refsource_UBUNTU
31673
third-party-advisory
x_refsource_SECUNIA
ADV-2009-0320
vdb-entry
x_refsource_VUPEN
20080806 Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting
mailing-list
x_refsource_BUGTRAQ
PK70197
vendor-advisory
x_refsource_AIXAPAR
RHSA-2008:0966
vendor-advisory
x_refsource_REDHAT
33156
third-party-advisory
x_refsource_SECUNIA
33797
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:11316
vdb-entry
signature
x_refsource_OVAL
ADV-2008-2461
vdb-entry
x_refsource_VUPEN
MDVSA-2008:194
vendor-advisory
x_refsource_MANDRIVA
PK70937
vendor-advisory
x_refsource_AIXAPAR
31384
third-party-advisory
x_refsource_SECUNIA
TA09-133A
third-party-advisory
x_refsource_CERT
1020635
vdb-entry
x_refsource_SECTRACK
ADV-2009-1297
vdb-entry
x_refsource_VUPEN
http://svn.apache.org/viewvc?view=rev&revision=682871
x_refsource_CONFIRM
MDVSA-2009:124
vendor-advisory
x_refsource_MANDRIVA
HPSBUX02401
vendor-advisory
x_refsource_HP
http://wiki.rpath.com/Advisories:rPSA-2008-0327
x_refsource_CONFIRM
VU#663763
third-party-advisory
x_refsource_CERT-VN
apache-modproxyftp-xss(44223)
vdb-entry
x_refsource_XF
MDVSA-2008:195
vendor-advisory
x_refsource_MANDRIVA
20081122 rPSA-2008-0327-1 httpd mod_ssl
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:7716
vdb-entry
signature
x_refsource_OVAL
ADV-2008-2315
vdb-entry
x_refsource_VUPEN
SSRT090005
vendor-advisory
x_refsource_HP
http://svn.apache.org/viewvc?view=rev&revision=682870
x_refsource_CONFIRM
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328
x_refsource_CONFIRM
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now