CVE-2008-0005

MEDIUM
Description

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

References

http://securityreason.com/achievement_securityalert/49

http://www.mandriva.com/security/advisories?name=MDVSA-2008:014

http://www.mandriva.com/security/advisories?name=MDVSA-2008:015

http://www.redhat.com/support/errata/RHSA-2008-0004.html

http://www.redhat.com/support/errata/RHSA-2008-0005.html

http://www.redhat.com/support/errata/RHSA-2008-0006.html

http://www.redhat.com/support/errata/RHSA-2008-0007.html

http://www.redhat.com/support/errata/RHSA-2008-0008.html

http://www.securityfocus.com/bid/27234

http://www.securitytracker.com/id?1019185

http://secunia.com/advisories/28467

http://secunia.com/advisories/28471

http://www.mandriva.com/security/advisories?name=MDVSA-2008:016

http://secunia.com/advisories/28526

http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm

http://secunia.com/advisories/28607

http://www.ubuntu.com/usn/usn-575-1

http://secunia.com/advisories/28749

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html

http://secunia.com/advisories/28977

http://security.gentoo.org/glsa/glsa-200803-19.xml

http://secunia.com/advisories/29348

http://docs.info.apple.com/article.html?artnum=307562

http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

http://secunia.com/advisories/29420

http://securityreason.com/securityalert/3526

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

http://secunia.com/advisories/29640

http://www.redhat.com/support/errata/RHSA-2008-0009.html

http://secunia.com/advisories/30732

http://secunia.com/advisories/35650

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://lists.vmware.com/pipermail/security-announce/2009/000062.html

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://www.vupen.com/english/advisories/2008/0924/references

http://www.vupen.com/english/advisories/2008/1875/references

http://marc.info/?l=bugtraq&m=130497311408250&w=2

https://exchange.xforce.ibmcloud.com/vulnerabilities/39615

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10812

http://www.securityfocus.com/archive/1/505990/100/0/threaded

http://www.securityfocus.com/archive/1/486167/100/0/threaded

Details

Source: MITRE

Published: 2008-01-12

Updated: 2021-06-06

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

28 plugins total:

ID | Name | Product | Family | Severity
67633 | Oracle Linux 5 : httpd (ELSA-2008-0008) | Nessus | Oracle Linux Local Security Checks | medium
67632 | Oracle Linux 4 : httpd (ELSA-2008-0006) | Nessus | Oracle Linux Local Security Checks | medium
67631 | Oracle Linux 3 : httpd (ELSA-2008-0005) | Nessus | Oracle Linux Local Security Checks | medium
60345 | Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium
43666 | CentOS 5 : httpd (CESA-2008:0008) | Nessus | CentOS Local Security Checks | medium
41207 | SuSE9 Security Update : Apache (YOU Patch Number 12125) | Nessus | SuSE Local Security Checks | medium
41206 | SuSE9 Security Update : Apache 2 (YOU Patch Number 12124) | Nessus | SuSE Local Security Checks | medium
36524 | Mandriva Linux Security Advisory : apache (MDVSA-2008:016) | Nessus | Mandriva Local Security Checks | medium
31768 | SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 5128) | Nessus | SuSE Local Security Checks | medium
31766 | openSUSE 10 Security Update : apache2 (apache2-5126) | Nessus | SuSE Local Security Checks | medium
31765 | openSUSE 10 Security Update : apache2 (apache2-5125) | Nessus | SuSE Local Security Checks | medium
31605 | Mac OS X Multiple Vulnerabilities (Security Update 2008-002) | Nessus | MacOS X Local Security Checks | critical
31445 | GLSA-200803-19 : Apache: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium
31408 | Apache 1.3.x < 1.3.41 Multiple Vulnerabilities (DoS, XSS) | Nessus | Web Servers | medium
31407 | Apache < 2.0.63 Multiple XSS Vulnerabilities | Nessus | Web Servers | medium
4385 | Apache < 2.2.8 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high
31118 | Apache 2.2.x < 2.2.8 Multiple Vulnerabilities (XSS, DoS) | Nessus | Web Servers | medium
31105 | Fedora 7 : httpd-2.2.8-1.fc7 (2008-1711) | Nessus | Fedora Local Security Checks | medium
31103 | Fedora 8 : httpd-2.2.8-1.fc8 (2008-1695) | Nessus | Fedora Local Security Checks | medium
31099 | Slackware 12.0 / current : httpd (SSA:2008-045-01) | Nessus | Slackware Local Security Checks | medium
30184 | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : apache2 vulnerabilities (USN-575-1) | Nessus | Ubuntu Local Security Checks | medium
29977 | RHEL 5 : httpd (RHSA-2008:0008) | Nessus | Red Hat Local Security Checks | medium
29976 | RHEL 4 : httpd (RHSA-2008:0006) | Nessus | Red Hat Local Security Checks | medium
29975 | RHEL 3 : httpd (RHSA-2008:0005) | Nessus | Red Hat Local Security Checks | medium
29974 | RHEL 2.1 : apache (RHSA-2008:0004) | Nessus | Red Hat Local Security Checks | medium
29967 | CentOS 4 : httpd (CESA-2008:0006) | Nessus | CentOS Local Security Checks | medium
29966 | CentOS 3 : httpd (CESA-2008:0005) | Nessus | CentOS Local Security Checks | medium
800581 | Apache < 2.2.8 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | low