CVE-2008-2168

Apache HTTP Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Yaniv Miron · textremotewindows

https://www.exploit-db.com/exploits/31759

View Code ZIP pw:eip

References (15)

Core 15

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3889

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42303

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34219

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/491967/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5143

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=125631037611762&w=2

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31651

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=124654546101607&w=2

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29112

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-731-1

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/491901/100/0/threaded

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/491862/100/0/threaded

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/491930/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/35650

Scores

EPSS 0.5039

EPSS Percentile 97.9%

Details

CWE

CWE-79

Status published

Products (47)

apache/http_server

apache/http_server 2.0

apache/http_server 2.0.9

apache/http_server 2.0.28 (2 CPE variants)

apache/http_server 2.0.32 (2 CPE variants)

apache/http_server 2.0.34 beta

apache/http_server 2.0.35

apache/http_server 2.0.36

apache/http_server 2.0.37

apache/http_server 2.0.38

... and 37 more

Published May 13, 2008

Tracked Since Feb 18, 2026