oss-sec mailing list archives
CVE-2008-2939 low severity Apache httpd XSS
From: Mark J Cox <mjc () redhat com>
Date: Wed, 6 Aug 2008 14:41:30 +0100 (BST)
FYI as this was committed yesterday but isn't triggering a new upstream release so might not get noticed much until the advisory comes out from Rapid7:
*) SECURITY: CVE-2008-2939 (cve.mitre.org) mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem] Hence Low severity, affects 2.0.*, 2.2.*, fixes in svn: http://svn.apache.org/viewvc?view=rev&revision=682870 Thanks, Mark -- Mark J Cox / Red Hat Security Response Team
Current thread:
- CVE-2008-2939 low severity Apache httpd XSS Mark J Cox (Aug 06)