| Name | Apache.Mod.Proxy.Ftp.Wildcard.Characters.XSS |
| Release Date | Sep 23, 2008 |
| Severity | Medium |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt to exploit a Cross-Site Scripting (XSS) vulnerability in Apache.
The vulnerability is caused by an error that occurs when the vulnerable
software handles a URL containing wildcard character in mod_ftp_proxy. A remote attacker may exploit this to execute arbitrary script by enticing user to access a malicious URL. |
| Affected Products | Apache, HTTP Server 2.0.63
Apache, HTTP Server 2.2.9 |
| Recommended Actions | Upgrade to the latest version,available from the website.
http://httpd.apache.org/ |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2939
|
| Reference/s | http://www.securityfocus.com/bid/30560 (BugTraq)
http://secunia.com/advisories/31384/
|