← back
CVE-2008-0005

CVE-2008-0005

EPSS 14.6%
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://docs.info.apple.com/article.html?artnum=307562http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.htmlhttp://lists.vmware.com/pipermail/security-announce/2009/000062.htmlhttp://marc.info/?l=bugtraq&m=124654546101607&w=2http://marc.info/?l=bugtraq&m=125631037611762&w=2http://marc.info/?l=bugtraq&m=130497311408250&w=2http://secunia.com/advisories/28467http://secunia.com/advisories/28471http://secunia.com/advisories/28526http://secunia.com/advisories/28607http://secunia.com/advisories/28749