JVN/CVE Demo: Nvdinfos

NVD

Id: 2833
Name: CVE-2008-2939
Description: Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
Reject
CVSS Version: 2
CVSS Score: 4.3
Severity: Medium
CVSS Base Score: 4.3
CVSS Impact Subscore: 2.9
CVSS Exploit Subscore: 8.6
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Pub Date: 2017-01-03
Published: 2008-08-06
Modified Date: 2016-05-27
Seq: 2008-2939

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
17975	2833	CVE-2008-2939	APPLE-SA-2009-05-12	View
17976	2833	CVE-2008-2939	SUSE-SR:2008:024	View
17977	2833	CVE-2008-2939	HPSBUX02401	View
17978	2833	CVE-2008-2939	HPSBUX02465	View
17979	2833	CVE-2008-2939	oval:org.mitre.oval:def:11316	View
17980	2833	CVE-2008-2939	oval:org.mitre.oval:def:7716	View
17981	2833	CVE-2008-2939	RHSA-2008:0967	View
17982	2833	CVE-2008-2939	247666	View
17983	2833	CVE-2008-2939	http://support.apple.com/kb/HT3549	View
17984	2833	CVE-2008-2939	http://svn.apache.org/viewvc?view=rev&revision=682868	View
17985	2833	CVE-2008-2939	http://svn.apache.org/viewvc?view=rev&revision=682870	View
17986	2833	CVE-2008-2939	http://svn.apache.org/viewvc?view=rev&revision=682871	View
17987	2833	CVE-2008-2939	http://wiki.rpath.com/Advisories:rPSA-2008-0327	View
17988	2833	CVE-2008-2939	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0328	View
17989	2833	CVE-2008-2939	PK70197	View
17990	2833	CVE-2008-2939	PK70937	View
17991	2833	CVE-2008-2939	VU#663763	View
17992	2833	CVE-2008-2939	MDVSA-2008:194	View
17993	2833	CVE-2008-2939	MDVSA-2008:195	View
17994	2833	CVE-2008-2939	MDVSA-2009:124	View
17995	2833	CVE-2008-2939	http://www.rapid7.com/advisories/R7-0033	View
17996	2833	CVE-2008-2939	RHSA-2008:0966	View
17997	2833	CVE-2008-2939	20080806 Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting	View
17998	2833	CVE-2008-2939	20081122 rPSA-2008-0327-1 httpd mod_ssl	View
17999	2833	CVE-2008-2939	20081122 rPSA-2008-0328-1 httpd mod_ssl	View
18000	2833	CVE-2008-2939	30560	View
18001	2833	CVE-2008-2939	1020635	View
18002	2833	CVE-2008-2939	USN-731-1	View
18003	2833	CVE-2008-2939	TA09-133A	View
18004	2833	CVE-2008-2939	ADV-2008-2315	View
18005	2833	CVE-2008-2939	ADV-2008-2461	View
18006	2833	CVE-2008-2939	ADV-2009-0320	View
18007	2833	CVE-2008-2939	ADV-2009-1297	View
18008	2833	CVE-2008-2939	apache-modproxyftp-xss(44223)	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
46300	JVNDB-2008-001610	Apache の mod_proxy_ftp モジュールにおけるクロスサイトスクリプティングの脆弱性	Apache の mod_proxy_ftp モジュールには、proxy_ftp.c および mod_proxy_ftp.c において、FTP URI パス名のワイルドカードの取り扱いに不備があり、クロスサイトスクリプティングの脆弱性が存在します。	CVE-2008-2939	33052	CVE-2008-2939	2833	4.3		http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001610.html	2008-08-06	2010-11-04	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.48 MB
Controller render start	2.32 MB
View render complete	21.21 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.64
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	295.55
Event: Controller.beforeRender	4.42
» Processing toolbar data	4.34
Rendering View	845.39
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	815.34
» Event: View.afterRender	0.03
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	24.77
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	5.52
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/2833
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/2833
Remote Port	45564
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	3.144.6.159
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	3.144.6.159
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	3.144.6.159
Unique Id	aCEYos3cQ-NiL_tH-iPpXAAAANw
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	3.144.6.159
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	3.144.6.159
Redirect Unique Id	aCEYos3cQ-NiL_tH-iPpXAAAANw
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	3.144.6.159
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	3.144.6.159
Redirect Redirect Unique Id	aCEYos3cQ-NiL_tH-iPpXAAAANw
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1746999458.2191
Request Time	1746999458

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files