4.3
CVSSv2

CVE-2008-2168

Published: 13/05/2008 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and previous versions allows remote malicious users to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 2.0.42

apache http server 2.2

apache http server 2.0.58

apache http server 2.0.47

apache http server 2.1

apache http server 2.0.56

apache http server 2.0.50

apache http server 2.2.2

apache http server 2.1.3

apache http server 2.2.4

apache http server 2.0.35

apache http server 2.0.37

apache http server 2.0.55

apache http server 2.1.2

apache http server 2.1.1

apache http server 2.0.44

apache http server 2.0.39

apache http server 2.0.52

apache http server 2.1.7

apache http server 2.0.53

apache http server 2.0.57

apache http server 2.0.51

apache http server 2.0.28

apache http server 2.0.41

apache http server 2.0.49

apache http server 2.1.6

apache http server 2.0.9

apache http server 2.0.34

apache http server 2.0.61

apache http server 2.0.32

apache http server 2.0.38

apache http server 2.1.4

apache http server 2.0.48

apache http server 2.0.45

apache http server 2.0.40

apache http server 2.1.5

apache http server 2.0.36

apache http server 2.2.3

apache http server 2.0.46

apache http server 2.0.54

apache http server 2.0.43

apache http server 2.0.59

apache http server 2.1.8

apache http server 2.0

apache http server 2.2.1

apache http server 2.0.60

apache http server -

Vendor Advisories

It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output With cross-site scripting vulnerabilities, if a user were tricked into viewing server output durin ...

Exploits

source: wwwsecurityfocuscom/bid/29112/info Microsoft Internet Explorer is prone to a weakness that can facilitate cross-site scripting attacks The issue occurs because the application fails to sufficiently sanitize user-supplied input when handling UTF-7 charset data received in HTTP responses Attackers can leverage this weakness to ai ...