VYPR
Unrated severityNVD Advisory· Published Aug 6, 2008· Updated Jun 16, 2026

CVE-2008-2939

CVE-2008-2939

Description

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10
  • cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
    Range: <=2.0.63
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
    Range: <=10.5.6
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
  • OpenSUSE/openSUSE3 versions
    cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • Range: <=2.0.63, <=2.2.9

Patches

Vulnerability mechanics

References

62

News mentions

0

No linked articles in our index yet.