VulnerableCode Vulnerability Details - VCID-ud2z-cz2h-6qbr

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-ud2z-cz2h-6qbr

Essentials
Severities (13)
References (7)
Severity details (0)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-ud2z-cz2h-6qbr
Aliases	CVE-2008-2168
Summary	httpd: XSS via UTF-7 encoded urls on the 403 Forbidden error page
Status	Published
Exploitability	2.0
Weighted Severity	0.5
Risk	1.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

System	Score	Found at
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168
epss	0.50386	https://api.first.org/data/v1/epss?cve=CVE-2008-2168

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2168.json
		https://api.first.org/data/v1/epss?cve=CVE-2008-2168
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2168
446352		https://bugzilla.redhat.com/show_bug.cgi?id=446352
CVE-2008-2168;OSVDB-45420	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/31759.txt
CVE-2008-2168;OSVDB-45420	Exploit	https://www.securityfocus.com/bid/29112/info
USN-731-1		https://usn.ubuntu.com/731-1/

Data source	Exploit-DB
Date added	May 8, 2008
Description	Microsoft Internet Explorer 2 - UTF-7 HTTP Response Handling
Ransomware campaign use	Known
Source publication date	May 8, 2008
Exploit type	remote
Platform	windows
Source update date	Feb. 19, 2014
Source URL	https://www.securityfocus.com/bid/29112/info

There are no known vectors.

Exploit Prediction Scoring System (EPSS)

Percentile	0.9782
EPSS Score	0.50386
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T14:59:06.972173+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2168.json	38.0.0