Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-2168

Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

Related bugs and status

CVE-2008-2168 (Candidate) is related to these bugs:

Bug #239894: CVE-2008-2364 Apache2 mod_proxy_http.c DOS

		In	Importance	Status
239894	CVE-2008-2364 Apache2 mod_proxy_http.c DOS	apache2 (Ubuntu)	Low	Fix Released
239894	CVE-2008-2364 Apache2 mod_proxy_http.c DOS	apache2 (Ubuntu Feisty)	Low	Won't Fix
239894	CVE-2008-2364 Apache2 mod_proxy_http.c DOS	apache2 (Ubuntu Gutsy)	Low	Fix Released
239894	CVE-2008-2364 Apache2 mod_proxy_http.c DOS	apache2 (Ubuntu Hardy)	Low	Fix Released
239894	CVE-2008-2364 Apache2 mod_proxy_http.c DOS	apache2 (Ubuntu Intrepid)	Low	Fix Released
239894	CVE-2008-2364 Apache2 mod_proxy_http.c DOS	apache2 (Ubuntu Dapper)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 29112
HP: HPSBUX02365
HP: SSRT080118
SECUNIA: 31651
SREASON: 3889
UBUNTU: USN-731-1
SECUNIA: 34219
SECUNIA: 35650
HP: HPSBUX02431
HP: SSRT090085
HP: HPSBUX02465
HP: SSRT090192
XF: apache-403-xss(42303)
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080508 Apache Server...
BUGTRAQ: 20080510 Re: Apache Se...
BUGTRAQ: 20080510 Re: Re: Apach...
BUGTRAQ: 20080512 Re: Re: Re: A...