Search for vulnerabilities
| Vulnerability ID | VCID-6ahp-sh7m-vkbq |
| Aliases |
CVE-2008-2168
|
| Summary | Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page. |
| Status | Published |
| Exploitability | 2.0 |
| Weighted Severity | 0.5 |
| Risk | 1.0 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| epss | 0.54708 | https://api.first.org/data/v1/epss?cve=CVE-2008-2168 |
| epss | 0.54708 | https://api.first.org/data/v1/epss?cve=CVE-2008-2168 |
| epss | 0.54708 | https://api.first.org/data/v1/epss?cve=CVE-2008-2168 |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2168.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2008-2168 | ||
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2168 | ||
| 446352 | https://bugzilla.redhat.com/show_bug.cgi?id=446352 | |
| CVE-2008-2168;OSVDB-45420 | Exploit | https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/31759.txt |
| CVE-2008-2168;OSVDB-45420 | Exploit | https://www.securityfocus.com/bid/29112/info |
| USN-731-1 | https://usn.ubuntu.com/731-1/ |
| Data source | Exploit-DB |
|---|---|
| Date added | May 8, 2008 |
| Description | Microsoft Internet Explorer 2 - UTF-7 HTTP Response Handling |
| Ransomware campaign use | Known |
| Source publication date | May 8, 2008 |
| Exploit type | remote |
| Platform | windows |
| Source update date | Feb. 19, 2014 |
| Source URL | https://www.securityfocus.com/bid/29112/info |
| Percentile | 0.98079 |
| EPSS Score | 0.54708 |
| Published At | June 4, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-04T16:27:42.662995+00:00 | Debian Importer | Import | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |