Vulnerability Details : CVE-2008-2939
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2008-2939
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
Threat overview for CVE-2008-2939
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2008-2939: 291,593
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2008-2939
EPSS score: 9.99% (probability of exploitation activity in the next 30 days)
Percentile: ~95% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2008-2939
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2008-2939
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-2939
- Red Hat, 2008-11-12: This issue was addressed in all affected httpd versions as shipped in Red Hat Enterprise Linux 3, 4, and 5 via: https://rhn.redhat.com/errata/RHSA-2008-0967.html This issue is tracked via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2939 The Red Hat Security Response Team has rated this issue as having low security impact; future updates may address this flaw in other affected products (such as Red Hat Application Stack).
References for CVE-2008-2939
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Third Party Advisory)
- http://secunia.com/advisories/35074
  About Secunia Research | Flexera (Broken Link)
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2 (Third Party Advisory)
- http://secunia.com/advisories/32838
  About Secunia Research | Flexera (Broken Link)
- https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2008:024 - openSUSE Security Announce - openSUSE Mailing Lists (Third Party Advisory)
- http://svn.apache.org/viewvc?view=rev&revision=682868
  [Apache-SVN] Revision 682868 (Third Party Advisory)
- http://svn.apache.org/viewvc?view=rev&revision=682870
  [Apache-SVN] Revision 682870 (Third Party Advisory)
- https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Third Party Advisory)
- http://www.vupen.com/english/advisories/2009/1297
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud (Permissions Required)
- http://www.vupen.com/english/advisories/2008/2315
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud (Permissions Required)
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK70937
  IBM notice: The page you requested cannot be displayed (Third Party Advisory)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-247666-1
  (Broken Link)
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK70197
  IBM notice: The page you requested cannot be displayed (Third Party Advisory)
- http://svn.apache.org/viewvc?view=rev&revision=682871
  [Apache-SVN] Revision 682871 (Third Party Advisory)
- http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328
  (Broken Link)
- http://www.ubuntu.com/usn/USN-731-1
  USN-731-1: Apache vulnerabilities | Ubuntu security notices | Ubuntu (Third Party Advisory; VDB Entry)
- http://marc.info/?l=bugtraq&m=125631037611762&w=2
  '[security bulletin] HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Den' - MARC (Third Party Advisory)
- http://www.vupen.com/english/advisories/2008/2461
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud (Permissions Required)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11316
  404 Not Found (Broken Link)
- https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:194
  Mandriva (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2008-0966.html
  Support (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
  Mandriva (Broken Link)
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
  (Mailing List)
- http://www.kb.cert.org/vuls/id/663763
  VU#663763 - Apache mod_proxy_ftp XSS vulnerability (Third Party Advisory; US Government Resource)
- http://secunia.com/advisories/31673
  About Secunia Research | Flexera (Broken Link)
- https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2 (Third Party Advisory)
- http://www.securityfocus.com/archive/1/495180/100/0/threaded
  (Third Party Advisory; VDB Entry)
- http://www.rapid7.com/advisories/R7-0033
  404 Page Not Found (Broken Link)
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-Apache Mail Archives (Third Party Advisory)
- http://secunia.com/advisories/34219
  About Secunia Research | Flexera (Broken Link)
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Third Party Advisory)
- http://marc.info/?l=bugtraq&m=123376588623823&w=2
  '[security bulletin] HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Den' - MARC (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:195
  Mandriva (Broken Link)
- https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Third Party Advisory)
- http://www.vupen.com/english/advisories/2009/0320
  Webmail: access your OVH emails on ovhcloud.com | OVHcloud (Permissions Required)
- http://www.securitytracker.com/id?1020635
  (Third Party Advisory; VDB Entry)
- http://secunia.com/advisories/32685
  About Secunia Research | Flexera (Broken Link)
- https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
  Apache Mail Archives (Third Party Advisory)
- http://secunia.com/advisories/33156
  About Secunia Research | Flexera (Broken Link)
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/-Apache Mail Archives (Third Party Advisory)
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s (Third Party Advisory)
- http://www.securityfocus.com/archive/1/498566/100/0/threaded
  (Third Party Advisory; VDB Entry)
- https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2 (Third Party Advisory)
- http://www.securityfocus.com/archive/1/498567/100/0/threaded
  (Third Party Advisory; VDB Entry)
- https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
  Apache Mail Archives (Third Party Advisory)
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Third Party Advisory)
- http://www.securityfocus.com/bid/30560
  (Third Party Advisory; VDB Entry)
- https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
  Apache Mail Archives (Third Party Advisory)
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Third Party Advisory)
- http://secunia.com/advisories/31384
  About Secunia Research | Flexera (Broken Link)
- http://support.apple.com/kb/HT3549
  About the security content of Security Update 2009-002 / Mac OS X v10.5.7 - Apple Support (Third Party Advisory)
- http://wiki.rpath.com/Advisories:rPSA-2008-0327
  (Broken Link)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44223
  Apache HTTP Server mod_proxy_ftp cross-site scripting CVE-2008-2939 Vulnerability Report (VDB Entry)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7716
  404 Not Found (Broken Link)
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-Apache Mail Archives (Third Party Advisory)
- https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html (Third Party Advisory)
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
  Apple Updates for Multiple Vulnerabilities | CISA (Third Party Advisory; US Government Resource)
- http://secunia.com/advisories/33797
  About Secunia Research | Flexera (Broken Link)
- https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
  svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_ (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2008-0967.html
  RHSA-2008:0967 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)