Fixed in Apache httpd 2.2.10:
- low: mod_proxy_ftp globbing XSS CVE-2008-2939
A flaw was found in the handling of wildcards in the path of a FTP URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting (XSS) attacks.
Affected Apache versions (2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0).
Check references for details about every vulnerability.
Upgrade Apache 2.x to the latest version.
Apache httpd 2.2 vulnerabilities