CVE-2008-2939

Common Vulnerabilities and Exposures

Upstream information

CVE-2008-2939 at MITRE

Description

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entries: 210904, 415061, 422464

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE CORE 9 for AMD64 and Intel EM64T
  • apache2 >= 2.0.59-1.18
  • apache2-devel >= 2.0.59-1.18
  • apache2-doc >= 2.0.59-1.18
  • apache2-example-pages >= 2.0.59-1.18
  • apache2-prefork >= 2.0.59-1.18
  • apache2-worker >= 2.0.59-1.18
  • libapr0 >= 2.0.59-1.18
Builds
YOU Patch Nr: 12718
SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T
SUSE Linux Enterprise 10 SP2 DEBUGINFO for IBM zSeries 64bit
SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86
  • apache2-debuginfo >= 2.2.3-16.19
sles10.x86-64
sle10-sp1-sdk.ppc
sle10-sp2-sdk.ppc
sle10-sp2-sdk.s390x
sles10-sp2.s390x
sle10-sp1-sdk.ia64
sles10.s390x
sles10-sp2-debuginfo.ia64
sles10-sp2.x86-64
sles10-sp2.ppc
sles10-sp2.ia64
sles10-sp2-debuginfo.x86-64
sles10.x86
sles10-sp2-debuginfo.x86
sles10-sp2-debuginfo.s390x
sle10-sp1-sdk.x86
sles10.ia64
sle10-sp1-sdk.x86-64
sle10-sp2-sdk.ia64
sle10-sp1-sdk.s390x
sle10-sp2-sdk.x86
sles10.ppc
sle10-sp2-sdk.x86-64
sles10-sp2-debuginfo.ppc
sles10-sp2.x86
ZYPP Patch Nr: 5629
SUSE Linux Enterprise SDK 10 SP2
  • apache2 >= 2.2.3-16.19
  • apache2-devel >= 2.2.3-16.19
  • apache2-doc >= 2.2.3-16.19
  • apache2-example-pages >= 2.2.3-16.19
  • apache2-prefork >= 2.2.3-16.19
  • apache2-worker >= 2.2.3-16.19
sles10.x86-64
sle10-sp1-sdk.ppc
sle10-sp2-sdk.ppc
sle10-sp2-sdk.s390x
sles10-sp2.s390x
sle10-sp1-sdk.ia64
sles10.s390x
sles10-sp2-debuginfo.ia64
sles10-sp2.x86-64
sles10-sp2.ppc
sles10-sp2.ia64
sles10-sp2-debuginfo.x86-64
sles10.x86
sles10-sp2-debuginfo.x86
sles10-sp2-debuginfo.s390x
sle10-sp1-sdk.x86
sles10.ia64
sle10-sp1-sdk.x86-64
sle10-sp2-sdk.ia64
sle10-sp1-sdk.s390x
sle10-sp2-sdk.x86
sles10.ppc
sle10-sp2-sdk.x86-64
sles10-sp2-debuginfo.ppc
sles10-sp2.x86
ZYPP Patch Nr: 5629
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
  • apache2 >= 2.0.59-1.10
  • apache2-devel >= 2.0.59-1.10
  • apache2-prefork >= 2.0.59-1.10
  • apache2-worker >= 2.0.59-1.10
sles9-nld.x86
core9.s390
sles9-nld.x86-64
sles9-nlpos.x86
sles9-oes.x86
sles9-nld.x86
core9.ia64
core9.s390x
sles9-nld.x86-64
core9.x86
core9.ppc
core9.x86-64
YOU Patch Nr: 12258
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • libapr0 >= 2.0.59-1.10
sles9-nld.x86
core9.s390
sles9-nld.x86-64
sles9-nlpos.x86
sles9-oes.x86
sles9-nld.x86
core9.ia64
core9.s390x
sles9-nld.x86-64
core9.x86
core9.ppc
core9.x86-64
YOU Patch Nr: 12258
Open Enterprise Server
  • apache2 >= 2.0.59-1.10
  • apache2-devel >= 2.0.59-1.10
  • apache2-doc >= 2.0.59-1.10
  • apache2-example-pages >= 2.0.59-1.10
  • apache2-prefork >= 2.0.59-1.10
  • apache2-worker >= 2.0.59-1.10
  • libapr0 >= 2.0.59-1.10
sles9-nld.x86
core9.s390
sles9-nld.x86-64
sles9-nlpos.x86
sles9-oes.x86
sles9-nld.x86
core9.ia64
core9.s390x
sles9-nld.x86-64
core9.x86
core9.ppc
core9.x86-64
YOU Patch Nr: 12258
openSUSE 11.0
  • apache2-debuginfo >= 2.2.8-28.2
  • apache2-debugsource >= 2.2.8-28.2
openSUSE 11.0
  • apache2 >= 2.2.8-28.2
  • apache2-devel >= 2.2.8-28.2
  • apache2-doc >= 2.2.8-28.2
  • apache2-example-pages >= 2.2.8-28.2
  • apache2-prefork >= 2.2.8-28.2
  • apache2-utils >= 2.2.8-28.2
  • apache2-worker >= 2.2.8-28.2

© 2014 Novell