CVE-2008-0005
EPSS 2.7%
Description
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
How to fix CVE-2008-0005
To remediate CVE-2008-0005, upgrade the affected package to a fixed version below.
- Debian/apache2—upgrade to 2.2.8-1 or later
Is CVE-2008-0005 being exploited?
Low — EPSS is 2.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.2.8-1