Summary
The host is running Apache, which is prone to a cross-site scripting vulnerability.
Impact
Remote attackers can execute arbitrary script code.
Impact Level: Application
Solution
A fix is available in the SVN repository:
http://svn.apache.org/viewvc?view=rev&revision=682871
http://svn.apache.org/viewvc?view=rev&revision=682868
Insight
Input containing wildcard characters that is passed to the mod_proxy_ftp module is not properly sanitized before being returned to the user.
Affected
Apache 2.0.0 to 2.0.63 and Apache 2.2.0 to 2.2.9 on all platforms
*** Note: The script might report a false positive, as it only checks for a vulnerable version of Apache. The vulnerability exists only when mod_proxy and mod_proxy_ftp are configured with the installed Apache version. ***
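The note above implies a triage step: a version match alone is not a finding until the proxy modules are confirmed present. The following is an added example, not part of the scanner script; it assumes the module list is available in the `name_module (static|shared)` form printed by `httpd -M`, and the function names and sample data are constructed for illustration.

```python
import re

# Affected ranges exactly as listed under "Affected" (inclusive bounds).
AFFECTED = [((2, 0, 0), (2, 0, 63)), ((2, 2, 0), (2, 2, 9))]
# Both modules must be present for the issue to be reachable (per the note).
REQUIRED_MODULES = {"proxy_module", "proxy_ftp_module"}

# Constructed sample of a module listing, for demonstration only.
SAMPLE_MODULES = """Loaded Modules:
 core_module (static)
 proxy_module (shared)
 proxy_ftp_module (shared)
Syntax OK
"""


def parse_version(banner):
    """Extract (major, minor, patch) from a Server header or version line."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None


def loaded_modules(listing):
    """Collect module names from lines such as ' proxy_module (shared)'."""
    mods = set()
    for line in listing.splitlines():
        m = re.match(r"\s*(\w+_module)\s+\((?:static|shared)\)", line)
        if m:
            mods.add(m.group(1))
    return mods


def triage(banner, listing):
    """Classify a version-only scanner hit using the host's module list."""
    version = parse_version(banner)
    if version is None:
        return "unknown-version"
    if not any(lo <= version <= hi for lo, hi in AFFECTED):
        return "version-not-affected"
    if REQUIRED_MODULES - loaded_modules(listing):
        # Version matches, but mod_proxy / mod_proxy_ftp are not both loaded.
        return "false-positive-modules-absent"
    return "potentially-vulnerable"


if __name__ == "__main__":
    print(triage("Server: Apache/2.2.8 (Unix)", SAMPLE_MODULES))
```

A "potentially-vulnerable" result still depends on whether the build carries the fix from the revisions listed under Solution, which a version string alone does not show.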
References
Severity
Classification
- CVE: CVE-2008-2939
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)