Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 234088 (CVE-2008-2939) - www-servers/apache < 2.2.9-r1 xss in mod_proxy_ftp (CVE-2008-2939)
Summary: www-servers/apache < 2.2.9-r1 xss in mod_proxy_ftp (CVE-2008-2939)
Status: RESOLVED FIXED
Alias: CVE-2008-2939
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor
Assignee: Gentoo Security
URL: http://svn.apache.org/viewvc?view=rev...
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-08-06 13:59 UTC by Hanno Böck
Modified: 2020-04-09 19:04 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2008-08-06 13:59:10 UTC 
see subject, will probably not get a new apache release.

Patch:
http://svn.apache.org/viewvc?view=rev&revision=682870
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-08-15 10:46:28 UTC 
CVE-2008-2939 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2939):
  Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp
  module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp
  module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to
  inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI.
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2008-08-29 13:31:06 UTC 
2.2.9-r1 in cvs
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-08-30 12:52:04 UTC 
Arches, please test and mark stable:
=www-servers/apache-2.2.9-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 4 Markus Meier gentoo-dev 2008-08-30 15:21:05 UTC 
amd64/x86 stable
Comment 5 Friedrich Oslage (RETIRED) gentoo-dev 2008-08-30 15:24:58 UTC 
sparc stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2008-08-30 16:53:03 UTC 
alpha/ia64 stable
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2008-08-31 15:53:09 UTC 
ppc stable
Comment 8 Markus Rothe (RETIRED) gentoo-dev 2008-09-01 06:49:39 UTC 
ppc64 stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2008-09-03 21:33:20 UTC 
Stable for HPPA.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2008-09-14 11:31:53 UTC 
it's a vote. I vote NO.
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-14 17:19:38 UTC 
no too, and closing.