Apache Mod_proxy_ftp Wildcard Characters XSS Vulnerability Network Vulnerability

Summary

The host is running Apache, which is prone to cross-site scripting vulnerability.

Impact

Remote attackers can execute arbitrary script code. Impact Level : Application

Solution

Fixed is available in the SVN repository, http://svn.apache.org/viewvc?view=rev&revision=682871 http://svn.apache.org/viewvc?view=rev&revision=682868

Insight

Input passed to the module mod_proxy_ftp with wildcard character is not properly sanitized before returning to the user.

Affected

Apache 2.0.0 to 2.0.63 and Apache 2.2.0 to 2.2.9 on All Platform *** Note: The script might report a False Positive as it is only checking for the vulnerable version of Apache. Vulnerability is only when mod_proxy and mod_proxy_ftp is configured with the installed Apache version. ***

References

http://httpd.apache.org/
http://httpd.apache.org/docs/2.0/mod/mod_proxy_ftp.html
http://www.securityfocus.com/archive/1/495180

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-2939
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Rave User Information Disclosure Vulnerability
Apache Tomcat DOS Device Name XSS
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities