Vulnerability details: VCID-qhh5-wcj1-aaae
Vulnerability ID VCID-qhh5-wcj1-aaae
Aliases CVE-2008-2939
Summary Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual MODERATE http://marc.info/?l=bugtraq&m=123376588623823&w=2
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0966
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0967
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0602
epss 0.09208 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.09922 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.11431 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.12175 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.39999 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.59356 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.64828 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
epss 0.65014 https://api.first.org/data/v1/epss?cve=CVE-2008-2939
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=458250
generic_textual MODERATE http://secunia.com/advisories/33797
apache_httpd low https://httpd.apache.org/security/json/CVE-2008-2939.json
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2008-2939
generic_textual MODERATE http://www.vupen.com/english/advisories/2009/0320
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
http://marc.info/?l=bugtraq&m=123376588623823&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://rhn.redhat.com/errata/RHSA-2008-0967.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2939.json
https://api.first.org/data/v1/epss?cve=CVE-2008-2939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
http://secunia.com/advisories/31384
http://secunia.com/advisories/31673
http://secunia.com/advisories/32685
http://secunia.com/advisories/32838
http://secunia.com/advisories/33156
http://secunia.com/advisories/33797
http://secunia.com/advisories/34219
http://secunia.com/advisories/35074
https://exchange.xforce.ibmcloud.com/vulnerabilities/44223
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7716
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1
http://support.apple.com/kb/HT3549
http://svn.apache.org/viewvc?view=rev&revision=682868
http://svn.apache.org/viewvc?view=rev&revision=682870
http://svn.apache.org/viewvc?view=rev&revision=682871
http://wiki.rpath.com/Advisories:rPSA-2008-0327
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328
http://www-1.ibm.com/support/docview.wss?uid=swg1PK70197
http://www-1.ibm.com/support/docview.wss?uid=swg1PK70937
http://www.kb.cert.org/vuls/id/663763
http://www.mandriva.com/security/advisories?name=MDVSA-2008:194
http://www.mandriva.com/security/advisories?name=MDVSA-2008:195
http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
http://www.rapid7.com/advisories/R7-0033
http://www.redhat.com/support/errata/RHSA-2008-0966.html
http://www.securityfocus.com/archive/1/495180/100/0/threaded
http://www.securityfocus.com/archive/1/498566/100/0/threaded
http://www.securityfocus.com/archive/1/498567/100/0/threaded
http://www.securityfocus.com/bid/30560
http://www.securitytracker.com/id?1020635
http://www.ubuntu.com/usn/USN-731-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2008/2315
http://www.vupen.com/english/advisories/2008/2461
http://www.vupen.com/english/advisories/2009/0320
http://www.vupen.com/english/advisories/2009/1297
458250 https://bugzilla.redhat.com/show_bug.cgi?id=458250
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
CVE-2008-2939 https://httpd.apache.org/security/json/CVE-2008-2939.json
CVE-2008-2939 https://nvd.nist.gov/vuln/detail/CVE-2008-2939
RHSA-2008:0966 https://access.redhat.com/errata/RHSA-2008:0966
RHSA-2008:0967 https://access.redhat.com/errata/RHSA-2008:0967
RHSA-2010:0602 https://access.redhat.com/errata/RHSA-2010:0602
USN-731-1 https://usn.ubuntu.com/731-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2008-2939
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) none
Integrity Impact (I) partial
Availability Impact (A) none
Exploit Prediction Scoring System (EPSS)
Percentile 0.94689
EPSS Score 0.09208
Published At Jan. 16, 2025, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.