Follow

Apache Server HTML Injection and UTF-7 XSS Cross-site Scripting Vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2168

Description:
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2168 to
the following vulnerability:

Cross-site scripting (XSS) vulnerability Apache 2.2.6 and earlier
allows remote attackers to inject arbitrary web script or HTML via
UTF-7 encoded URLs that are not properly handled when displaying the
403 Forbidden error page.

SOLUTION:
1. Reason: Patched Service
2. Title: This should be pre-populated, but change as necessary.
3. Comment: Apache Version 2.2.14 is installed. This bug was repaired after Apache version 2.2.6.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.