CVE-2008-0005 — MEDIUM (4.3)

Q: How severe is CVE-2008-0005?

CVE-2008-0005 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-0005?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Fedoraproject Fedora, Canonical Ubuntu Linux.

Vulnerability Description

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 2.0.35, < 2.0.63
Fedoraproject	Fedora	7
Canonical	Ubuntu Linux	6.06

Related Weaknesses (CWE)

CWE-79

References

http://docs.info.apple.com/article.html?artnum=307562Broken Link
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlBroken LinkMailing List
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.htmlMailing ListThird Party Advisory
http://lists.vmware.com/pipermail/security-announce/2009/000062.htmlMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=124654546101607&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=125631037611762&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2Issue TrackingMailing ListThird Party Advisory
http://secunia.com/advisories/28467Not Applicable
http://secunia.com/advisories/28471Not Applicable
http://secunia.com/advisories/28526Not Applicable
http://secunia.com/advisories/28607Not Applicable
http://secunia.com/advisories/28749Not Applicable
http://secunia.com/advisories/28977Not Applicable
http://secunia.com/advisories/29348Not Applicable
http://secunia.com/advisories/29420Not Applicable

FAQ

What is CVE-2008-0005?

CVE-2008-0005 is a vulnerability with a CVSS score of 4.3 (MEDIUM). mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) atta...

How severe is CVE-2008-0005?

CVE-2008-0005 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-0005?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Fedoraproject Fedora, Canonical Ubuntu Linux.