CVE-2008-2939 - Vulnerability Details

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Http Server
Apple	Mac Os X
Canonical	Ubuntu Linux
Opensuse	Opensuse
Redhat	Certificate System Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:apache:http_server::::::::
	cpe:2.3:a:apache:http_server::::::::

Configuration 2 [-]

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
	cpe:2.3:o:opensuse:opensuse:10.2:::::::*
	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Certificate System 7.3
ant-0:1.6.5-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
avalon-logkit-0:1.2-2jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
axis-0:1.2.1-1jpp_3rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-jaf-0:1.0-2jpp_6rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-mail-0:1.1.1-2jpp_8rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
geronimo-specs-0:1.0-0.M4.1jpp_10rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
jakarta-commons-modeler-0:2.0-3jpp_2rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
log4j-0:1.2.12-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
mx4j-1:3.0.1-1jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
pcsc-lite-0:1.3.3-3.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ca-0:7.3.0-20.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-java-tools-0:7.3.0-10.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-kra-0:7.3.0-14.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-manage-0:7.3.0-19.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-native-tools-0:7.3.0-6.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ocsp-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-tks-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
tomcat5-0:5.5.23-0jpp_4rh.16	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xerces-j2-0:2.7.1-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xml-commons-0:1.3.02-2jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
Red Hat Enterprise Linux 3
httpd-0:2.0.46-71.ent	cpe:/o:redhat:enterprise_linux:3	RHSA-2008:0967	2008-11-11T00:00:00Z
Red Hat Enterprise Linux 4
httpd-0:2.0.52-41.ent.2	cpe:/o:redhat:enterprise_linux:4	RHSA-2008:0967	2008-11-11T00:00:00Z
Red Hat Enterprise Linux 5
httpd-0:2.2.3-11.el5_2.4	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0967	2008-11-11T00:00:00Z

References

Link	Providers
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
http://marc.info/?l=bugtraq&m=123376588623823&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://rhn.redhat.com/errata/RHSA-2008-0967.html
http://secunia.com/advisories/31384
http://secunia.com/advisories/31673
http://secunia.com/advisories/32685
http://secunia.com/advisories/32838
http://secunia.com/advisories/33156
http://secunia.com/advisories/33797
http://secunia.com/advisories/34219
http://secunia.com/advisories/35074
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1
http://support.apple.com/kb/HT3549
http://svn.apache.org/viewvc?view=rev&revision=682868
http://svn.apache.org/viewvc?view=rev&revision=682870
http://svn.apache.org/viewvc?view=rev&revision=682871
http://wiki.rpath.com/Advisories:rPSA-2008-0327
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328
http://www-1.ibm.com/support/docview.wss?uid=swg1PK70197
http://www-1.ibm.com/support/docview.wss?uid=swg1PK70937
http://www.kb.cert.org/vuls/id/663763
http://www.mandriva.com/security/advisories?name=MDVSA-2008:194
http://www.mandriva.com/security/advisories?name=MDVSA-2008:195
http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
http://www.rapid7.com/advisories/R7-0033
http://www.redhat.com/support/errata/RHSA-2008-0966.html
http://www.securityfocus.com/archive/1/495180/100/0/threaded
http://www.securityfocus.com/archive/1/498566/100/0/threaded
http://www.securityfocus.com/archive/1/498567/100/0/threaded
http://www.securityfocus.com/bid/30560
http://www.securitytracker.com/id?1020635
http://www.ubuntu.com/usn/USN-731-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2008/2315
http://www.vupen.com/english/advisories/2008/2461
http://www.vupen.com/english/advisories/2009/0320
http://www.vupen.com/english/advisories/2009/1297
https://exchange.xforce.ibmcloud.com/vulnerabilities/44223
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2008-2939
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7716
https://www.cve.org/CVERecord?id=CVE-2008-2939

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2008-08-06T18:00:00

Updated: 2024-08-07T09:21:34.358Z

Reserved: 2008-06-30T00:00:00

Link: CVE-2008-2939

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-08-06T18:41:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2939

Redhat

Severity : Low

Publid Date: 2008-08-05T00:00:00Z

Links: CVE-2008-2939 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-05T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-06T10:10:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682868"}, {"name": "34219", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34219"}, {"name": "HPSBUX02465", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3549"}, {"name": "SUSE-SR:2008:024", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"}, {"name": "247666", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1"}, {"name": "32838", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32838"}, {"name": "20081122 rPSA-2008-0328-1 httpd mod_ssl", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/498567/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/advisories/R7-0033"}, {"name": "35074", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35074"}, {"name": "RHSA-2008:0967", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0967.html"}, {"name": "SSRT090192", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "30560", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30560"}, {"name": "32685", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32685"}, {"name": "APPLE-SA-2009-05-12", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"name": "USN-731-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-731-1"}, {"name": "31673", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31673"}, {"name": "ADV-2009-0320", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0320"}, {"name": "20080806 Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/495180/100/0/threaded"}, {"name": "PK70197", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK70197"}, {"name": "RHSA-2008:0966", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0966.html"}, {"name": "33156", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33156"}, {"name": "33797", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33797"}, {"name": "oval:org.mitre.oval:def:11316", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11316"}, {"name": "ADV-2008-2461", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2461"}, {"name": "MDVSA-2008:194", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:194"}, {"name": "PK70937", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK70937"}, {"name": "31384", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31384"}, {"name": "TA09-133A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"name": "1020635", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020635"}, {"name": "ADV-2009-1297", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682871"}, {"name": "MDVSA-2009:124", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:124"}, {"name": "HPSBUX02401", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0327"}, {"name": "VU#663763", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/663763"}, {"name": "apache-modproxyftp-xss(44223)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44223"}, {"name": "MDVSA-2008:195", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:195"}, {"name": "20081122 rPSA-2008-0327-1 httpd mod_ssl", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/498566/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:7716", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7716"}, {"name": "ADV-2008-2315", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2315"}, {"name": "SSRT090005", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682870"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:21:34.358Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682868"}, {"name": "34219", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34219"}, {"name": "HPSBUX02465", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3549"}, {"name": "SUSE-SR:2008:024", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"}, {"name": "247666", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1"}, {"name": "32838", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32838"}, {"name": "20081122 rPSA-2008-0328-1 httpd mod_ssl", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/498567/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/advisories/R7-0033"}, {"name": "35074", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35074"}, {"name": "RHSA-2008:0967", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0967.html"}, {"name": "SSRT090192", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "30560", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30560"}, {"name": "32685", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32685"}, {"name": "APPLE-SA-2009-05-12", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"name": "USN-731-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-731-1"}, {"name": "31673", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31673"}, {"name": "ADV-2009-0320", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0320"}, {"name": "20080806 Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/495180/100/0/threaded"}, {"name": "PK70197", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK70197"}, {"name": "RHSA-2008:0966", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0966.html"}, {"name": "33156", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33156"}, {"name": "33797", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33797"}, {"name": "oval:org.mitre.oval:def:11316", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11316"}, {"name": "ADV-2008-2461", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2461"}, {"name": "MDVSA-2008:194", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:194"}, {"name": "PK70937", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK70937"}, {"name": "31384", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31384"}, {"name": "TA09-133A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"name": "1020635", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020635"}, {"name": "ADV-2009-1297", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682871"}, {"name": "MDVSA-2009:124", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:124"}, {"name": "HPSBUX02401", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0327"}, {"name": "VU#663763", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/663763"}, {"name": "apache-modproxyftp-xss(44223)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44223"}, {"name": "MDVSA-2008:195", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:195"}, {"name": "20081122 rPSA-2008-0327-1 httpd mod_ssl", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/498566/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:7716", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7716"}, {"name": "ADV-2008-2315", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2315"}, {"name": "SSRT090005", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682870"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2939", "datePublished": "2008-08-06T18:00:00", "dateReserved": "2008-06-30T00:00:00", "dateUpdated": "2024-08-07T09:21:34.358Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "AC4A1537-518C-4D4B-A446-7A21E246DD86", "versionEndIncluding": "2.0.63", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAAFBA9B-793F-4B2A-89F5-2656C1278563", "versionEndIncluding": "2.2.9", "versionStartIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "536E776F-22D6-437C-B4F4-912071428F22", "versionEndIncluding": "10.5.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "24818450-FDA1-429A-AC17-68F44F584217", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*", "matchCriteriaId": "C35B68DF-1440-4587-8458-9C5F4D1E43F3", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI."}, {"lang": "es", "value": "Vulnerabilidad de XSS en proxy_ftp.c en el m\u00f3dulo mod_proxy_ftp en Apache 2.0.63 y en versiones anteriores y mod_proxy_ftp.c en el m\u00f3dulo mod_proxy_ftp en Apache 2.2.9 y en versiones anteriores a 2.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un comod\u00edn en el \u00faltimo componente del directorio en el nombre de ruta en una URI FTPI."}], "id": "CVE-2008-2939", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-08-06T18:41:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0967.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31384"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31673"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/32685"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/32838"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/33156"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/33797"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34219"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35074"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3549"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682868"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682870"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682871"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0327"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK70197"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK70937"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/663763"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:194"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:195"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:124"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.rapid7.com/advisories/R7-0033"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0966.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/495180/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/498566/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/498567/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/30560"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1020635"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.ubuntu.com/usn/USN-731-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/2315"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/2461"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2009/0320"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"source": "secalert@redhat.com", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44223"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11316"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0967.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31384"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31673"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/32685"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/32838"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/33156"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/33797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/34219"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/35074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://svn.apache.org/viewvc?view=rev&revision=682871"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK70197"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK70937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/663763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:195"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:124"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.rapid7.com/advisories/R7-0033"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0966.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/495180/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/498566/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/498567/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/30560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1020635"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.ubuntu.com/usn/USN-731-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/2315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2008/2461"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2009/0320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7716"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "These issue was addressed in all affected httpd versions as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0967.html\n\nThis issue is tracked via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2939\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, future updates may address this flaw in other affected products (such as Red Hat Application Stack).", "lastModified": "2008-11-12T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "ant-0:1.6.5-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "avalon-logkit-0:1.2-2jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "axis-0:1.2.1-1jpp_3rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-jaf-0:1.0-2jpp_6rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-mail-0:1.1.1-2jpp_8rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "geronimo-specs-0:1.0-0.M4.1jpp_10rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "jakarta-commons-modeler-0:2.0-3jpp_2rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "log4j-0:1.2.12-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "mx4j-1:3.0.1-1jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "pcsc-lite-0:1.3.3-3.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ca-0:7.3.0-20.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-java-tools-0:7.3.0-10.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-kra-0:7.3.0-14.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-manage-0:7.3.0-19.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-native-tools-0:7.3.0-6.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ocsp-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-tks-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "tomcat5-0:5.5.23-0jpp_4rh.16", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xerces-j2-0:2.7.1-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xml-commons-0:1.3.02-2jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2008:0967", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "httpd-0:2.0.46-71.ent", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2008-11-11T00:00:00Z"}, {"advisory": "RHSA-2008:0967", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "httpd-0:2.0.52-41.ent.2", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2008-11-11T00:00:00Z"}, {"advisory": "RHSA-2008:0967", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "httpd-0:2.2.3-11.el5_2.4", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2008-11-11T00:00:00Z"}], "bugzilla": {"description": "httpd: mod_proxy_ftp globbing XSS", "id": "458250", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"}, "csaw": false, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI."], "name": "CVE-2008-2939", "package_state": [{"cpe": "cpe:/a:redhat:directory_server:8", "fix_state": "Will not fix", "package_name": "httpd", "product_name": "Red Hat Directory Server 8"}], "public_date": "2008-08-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-2939\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-2939"], "threat_severity": "Low"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object