Description

This alert was generated using only banner information. It may be a false positive.

Fixed in Apache httpd 2.2.10:
  • low: mod_proxy_ftp globbing XSS CVE-2008-2939
    A flaw was found in the handling of wildcards in the path of a FTP URL with mod_proxy_ftp. If mod_proxy_ftp is enabled to support FTP-over-HTTP, requests containing globbing characters could lead to cross-site scripting (XSS) attacks.

Affected Apache versions (2.2.9, 2.2.8, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.0).

Remediation

Upgrade Apache 2.x to the latest version.

References

Apache homepage

Apache httpd 2.2 vulnerabilities

Related Vulnerabilities

Oracle Database Server CVE-2008-2604 Vulnerability (CVE-2008-2604)

Oracle Database Server CVE-2023-22034 Vulnerability (CVE-2023-22034)

Rukovoditel Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-11821)

WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress SQL Injection (1.4.9)

WordPress Plugin WP Hotel Booking PHP Object Injection (1.10.3)

Severity

Low

Classification

CVE-2008-2939 CVE-2010-2791 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

XSS Missing Update