mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.0232
Percentile: 0.84126

CVSS Scoring

Mapped CWE(s)

• CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
• cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:7:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*

← Back to Home