CVE-2008-0005

Apache <2.2.7-dev, <2.0.62-dev, <1.3.40-dev - XSS

Title source: llm

Description

mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

References (62)

... and 42 more

Scores

EPSS 0.0265
EPSS Percentile 85.6%

Classification

CWE
CWE-79
Status draft

Affected Products (7)

apache/http_server < 2.0.63
fedoraproject/fedora
fedoraproject/fedora
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux

Timeline

Published Jan 12, 2008
Tracked Since Feb 18, 2026