CVE-2008-2168: XSS

First published: Tue May 13 2008(Updated: )

Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Apache HTTP server	=2.0.42
Apache HTTP server	=2.2
Apache HTTP server	=2.0.58
Apache HTTP server	=2.0.47
Apache HTTP server	=2.1
Apache HTTP server	=2.0.56
Apache HTTP server	=2.0.50
Apache HTTP server	=2.2.2
Apache HTTP server	=2.1.3
Apache HTTP server	=2.2.4
Apache HTTP server	=2.0.35
Apache HTTP server	=2.0.37
Apache HTTP server	=2.0.55
Apache HTTP server	=2.1.2
Apache HTTP server	=2.1.1
Apache HTTP server	=2.0.44
Apache HTTP server	=2.0.39
Apache HTTP server	=2.0.52
Apache HTTP server	=2.1.7
Apache HTTP server	=2.0.53
Apache HTTP server	=2.0.57
Apache HTTP server	=2.0.51
Apache HTTP server	=2.0.28-beta
Apache HTTP server	=2.0.41
Apache HTTP server	=2.0.49
Apache HTTP server	=2.1.6
Apache HTTP server	=2.0.9
Apache HTTP server	=2.0.34-beta
Apache HTTP server	=2.0.61
Apache HTTP server	=2.0.32
Apache HTTP server	=2.0.38
Apache HTTP server	=2.1.4
Apache HTTP server	=2.0.48
Apache HTTP server	=2.0.45
Apache HTTP server	=2.0.40
Apache HTTP server	=2.1.5
Apache HTTP server	=2.0.36
Apache HTTP server	=2.2.3
Apache HTTP server	=2.0.46
Apache HTTP server	=2.0.54
Apache HTTP server	=2.0.43
Apache HTTP server	=2.0.59
Apache HTTP server	=2.1.8
Apache HTTP server	=2.0.28
Apache HTTP server	=2.0
Apache HTTP server	=2.0.32-beta
Apache HTTP server	=2.2.1
Apache HTTP server	=2.0.60
Apache HTTP server

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/references
agent/severity
agent/author
agent/weakness
agent/type
agent/description
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/apache
canonical/apache http server
version/apache http server/2.0.42
version/apache http server/2.2
version/apache http server/2.0.58
version/apache http server/2.0.47
version/apache http server/2.1
version/apache http server/2.0.56
version/apache http server/2.0.50
version/apache http server/2.2.2
version/apache http server/2.1.3
version/apache http server/2.2.4
version/apache http server/2.0.35
version/apache http server/2.0.37
version/apache http server/2.0.55
version/apache http server/2.1.2
version/apache http server/2.1.1
version/apache http server/2.0.44
version/apache http server/2.0.39
version/apache http server/2.0.52
version/apache http server/2.1.7
version/apache http server/2.0.53
version/apache http server/2.0.57
version/apache http server/2.0.51
version/apache http server/2.0.28-beta
version/apache http server/2.0.41
version/apache http server/2.0.49
version/apache http server/2.1.6
version/apache http server/2.0.9
version/apache http server/2.0.34-beta
version/apache http server/2.0.61
version/apache http server/2.0.32
version/apache http server/2.0.38
version/apache http server/2.1.4
version/apache http server/2.0.48
version/apache http server/2.0.45
version/apache http server/2.0.40
version/apache http server/2.1.5
version/apache http server/2.0.36
version/apache http server/2.2.3
version/apache http server/2.0.46
version/apache http server/2.0.54
version/apache http server/2.0.43
version/apache http server/2.0.59
version/apache http server/2.1.8
version/apache http server/2.0.28
version/apache http server/2.0
version/apache http server/2.0.32-beta
version/apache http server/2.2.1
version/apache http server/2.0.60

CVE-2008-2168: XSS

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact