Published: 13/05/2008 Updated: 30/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and previous versions allows remote malicious users to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache http server 2.0.28
apache http server 2.0
apache http server 2.0.37
apache http server 2.0.32
apache http server 2.0.39
apache http server 2.0.40
apache http server 2.0.41
apache http server 2.0.48
apache http server 2.0.49
apache http server 2.0.56
apache http server 2.0.57
apache http server 2.1.2
apache http server 2.1.3
apache http server 2.2.1
apache http server 2.2.2
apache http server 2.0.34
apache http server 2.0.42
apache http server 2.0.43
apache http server 2.0.50
apache http server 2.0.51
apache http server 2.0.58
apache http server 2.0.59
apache http server 2.1.4
apache http server 2.1.5
apache http server 2.2.3
apache http server 2.2.4
apache http server 2.0.35
apache http server 2.0.36
apache http server 2.0.44
apache http server 2.0.45
apache http server 2.0.52
apache http server 2.0.53
apache http server 2.0.60
apache http server 2.0.61
apache http server 2.1.6
apache http server 2.1.7
apache http server -
apache http server 2.0.38
apache http server 2.0.46
apache http server 2.0.47
apache http server 2.0.54
apache http server 2.0.55
apache http server 2.0.9
apache http server 2.1
apache http server 2.1.1
apache http server 2.1.8
apache http server 2.2

It was discovered that Apache did not sanitize the method specifier header from an HTTP request when it is returned in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output With cross-site scripting vulnerabilities, if a user were tricked into viewing server output durin ...

source: wwwsecurityfocuscom/bid/29112/info Microsoft Internet Explorer is prone to a weakness that can facilitate cross-site scripting attacks The issue occurs because the application fails to sufficiently sanitize user-supplied input when handling UTF-7 charset data received in HTTP responses Attackers can leverage this weakness to ai ...

CWE-79 http://www.securityfocus.com/bid/29112 http://secunia.com/advisories/31651 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 http://securityreason.com/securityalert/3889 http://www.ubuntu.com/usn/USN-731-1 http://secunia.com/advisories/34219 http://secunia.com/advisories/35650 http://marc.info/?l=bugtraq&m=124654546101607&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/42303 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5143 http://www.securityfocus.com/archive/1/491967/100/0/threaded http://www.securityfocus.com/archive/1/491930/100/0/threaded http://www.securityfocus.com/archive/1/491901/100/0/threaded http://www.securityfocus.com/archive/1/491862/100/0/threaded https://usn.ubuntu.com/731-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/31759/

CVE-2008-2168

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect