Search for vulnerabilities
Vulnerability details: VCID-1r9x-9cx9-3far
Vulnerability ID VCID-1r9x-9cx9-3far
Aliases CVE-2008-2939
Summary A flaw was found in the handling of wildcards in the path of a FTP URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting (XSS) attacks.
Status Published
Exploitability 0.5
Weighted Severity 2.1
Risk 1.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
epss 0.40747 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.40747 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.68325 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
apache_httpd low https://httpd.apache.org/security/json/CVE-2008-2939.json
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2939.json
https://api.first.org/data/v1/epss?cve=CVE-2008-2939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
458250 https://bugzilla.redhat.com/show_bug.cgi?id=458250
CVE-2008-2939 https://httpd.apache.org/security/json/CVE-2008-2939.json
RHSA-2008:0967 https://access.redhat.com/errata/RHSA-2008:0967
USN-731-1 https://usn.ubuntu.com/731-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.97274
EPSS Score 0.40747
Published At Aug. 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:28:48.954174+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2008-2939.json 37.0.0