PublicDate: 2008-08-06 18:41:00 UTC
Candidate: CVE-2008-2939
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939
 https://ubuntu.com/security/notices/USN-731-1
Description:
 Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the
 mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in
 the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows
 remote attackers to inject arbitrary web script or HTML via a wildcard in
 the last directory component in the pathname in an FTP URI.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_apache:
upstream_apache: not-affected
dapper_apache: not-affected
feisty_apache: not-affected
gutsy_apache: DNE
hardy_apache: DNE
intrepid_apache: DNE
devel_apache: DNE

Patches_apache2:
 other: http://svn.apache.org/viewvc?view=rev&revision=682870
upstream_apache2: released (2.2.9-7)
dapper_apache2: released (2.0.55-4ubuntu2.4)
feisty_apache2: needed (reached end-of-life)
gutsy_apache2: released (2.2.4-3ubuntu0.2)
hardy_apache2: released (2.2.8-1ubuntu0.4)
intrepid_apache2: not-affected (2.2.9-7ubuntu1)
devel_apache2: not-affected (2.2.9-7ubuntu1)