Vulnerability details: VCID-pwtu-8hzx-aaak
Vulnerability ID VCID-pwtu-8hzx-aaak
Aliases CVE-2008-0005
Summary mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=130497311408250&w=2
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0004
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0005
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0006
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0007
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0008
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0009
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0602
epss 0.01089 https://api.first.org/data/v1/epss?cve=CVE-2008-0005
epss 0.01145 https://api.first.org/data/v1/epss?cve=CVE-2008-0005
epss 0.02132 https://api.first.org/data/v1/epss?cve=CVE-2008-0005
epss 0.0232 https://api.first.org/data/v1/epss?cve=CVE-2008-0005
epss 0.12228 https://api.first.org/data/v1/epss?cve=CVE-2008-0005
epss 0.14371 https://api.first.org/data/v1/epss?cve=CVE-2008-0005
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=427739
apache_httpd low https://httpd.apache.org/security/json/CVE-2008-0005.json
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2008-0005
Reference id Reference type URL
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0005.json
https://api.first.org/data/v1/epss?cve=CVE-2008-0005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
http://secunia.com/advisories/28467
http://secunia.com/advisories/28471
http://secunia.com/advisories/28526
http://secunia.com/advisories/28607
http://secunia.com/advisories/28749
http://secunia.com/advisories/28977
http://secunia.com/advisories/29348
http://secunia.com/advisories/29420
http://secunia.com/advisories/29640
http://secunia.com/advisories/30732
http://secunia.com/advisories/35650
http://security.gentoo.org/glsa/glsa-200803-19.xml
http://securityreason.com/achievement_securityalert/49
http://securityreason.com/securityalert/3526
https://exchange.xforce.ibmcloud.com/vulnerabilities/39615
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10812
http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:014
http://www.mandriva.com/security/advisories?name=MDVSA-2008:015
http://www.mandriva.com/security/advisories?name=MDVSA-2008:016
http://www.redhat.com/support/errata/RHSA-2008-0004.html
http://www.redhat.com/support/errata/RHSA-2008-0005.html
http://www.redhat.com/support/errata/RHSA-2008-0006.html
http://www.redhat.com/support/errata/RHSA-2008-0007.html
http://www.redhat.com/support/errata/RHSA-2008-0008.html
http://www.redhat.com/support/errata/RHSA-2008-0009.html
http://www.securityfocus.com/archive/1/486167/100/0/threaded
http://www.securityfocus.com/archive/1/505990/100/0/threaded
http://www.securityfocus.com/bid/27234
http://www.securitytracker.com/id?1019185
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2008/0924/references
http://www.vupen.com/english/advisories/2008/1875/references
427739 https://bugzilla.redhat.com/show_bug.cgi?id=427739
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
CVE-2008-0005 https://httpd.apache.org/security/json/CVE-2008-0005.json
CVE-2008-0005 https://nvd.nist.gov/vuln/detail/CVE-2008-0005
GLSA-200803-19 https://security.gentoo.org/glsa/200803-19
RHSA-2008:0004 https://access.redhat.com/errata/RHSA-2008:0004
RHSA-2008:0005 https://access.redhat.com/errata/RHSA-2008:0005
RHSA-2008:0006 https://access.redhat.com/errata/RHSA-2008:0006
RHSA-2008:0007 https://access.redhat.com/errata/RHSA-2008:0007
RHSA-2008:0008 https://access.redhat.com/errata/RHSA-2008:0008
RHSA-2008:0009 https://access.redhat.com/errata/RHSA-2008:0009
RHSA-2010:0602 https://access.redhat.com/errata/RHSA-2010:0602
USN-575-1 https://usn.ubuntu.com/575-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-0005
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) none
Integrity Impact (I) partial
Availability Impact (A) none
Exploit Prediction Scoring System (EPSS)
Percentile 0.84782
EPSS Score 0.01089
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.