Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability

Bugtraq ID: 27234
Class: Input Validation Error
CVE: CVE-2008-0005
Remote: Yes
Local: No
Published: Jan 10 2008 12:00AM
Updated: May 09 2011 07:53PM
Credit: sp3x <sp3x@securityreason.com> discovered this issue.
Vulnerable: VMWare Workstation 6.5.2
VMWare Workstation 6.5.1
VMWare ACE 2.5.2
VMWare ACE 2.5.1
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 11 x64
Turbolinux Turbolinux Server 11
Turbolinux Turbolinux Server 10.0.0 x64
TurboLinux Personal
TurboLinux Multimedia
Turbolinux FUJI 0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 2.0
SuSE SUSE Linux Enterprise Server 9
SuSE SUSE Linux Enterprise Server 10 SP1
SuSE SUSE Linux Enterprise SDK 10.SP1
SuSE openSUSE 10.3
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop SDK 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Certificate Server 7.3
RedHat Application Stack v1 for Enterprise Linux ES 4
RedHat Application Stack v1 for Enterprise Linux AS 4
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora 8
Red Hat Fedora 7
Red Hat Enterprise Linux Desktop 5 client
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
IBM HTTP Server 2.0.47 .1
IBM HTTP Server 2.0.47
IBM Hardware Management Console (HMC) for pSeries 6.0 R1.3
IBM Hardware Management Console (HMC) for iSeries 6.0 R1.3
HP OpenVMS Secure Web Server 1.2
HP OpenVMS Secure Web Server 1.1 -1
HP OpenVMS Secure Web Server 2.1-1
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11
HP Business Availability Center 8.01
Gentoo Linux
Avaya Voice Portal 4.1
Avaya Voice Portal 4.0
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server 3.1
Avaya Message Networking MN 3.1
Avaya Message Networking 3.1
Avaya Meeting Exchange 5.0
Avaya Intuity AUDIX LX 2.0
Avaya Communication Manager 5.0
Avaya Communication Manager 4.0
Avaya Communication Manager 3.1
Avaya Communication Manager 3.0
Avaya CCS 3.1.2
Avaya CCS 3.1.1
Avaya CCS 4.0
Avaya CCS 3.1
Avaya Aura SIP Enablement Services 3.1.1
Avaya Aura Application Enablement Services 4.0.1
Avaya Aura Application Enablement Services 3.1.4
Avaya Aura Application Enablement Services 3.1.3
Avaya Aura Application Enablement Services 4.0
Avaya Aura Application Enablement Services 3.1
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.5
Apache Software Foundation Apache 2.2.6
Apache Software Foundation Apache 2.2.5
Apache Software Foundation Apache 2.2.4
Apache Software Foundation Apache 2.2.3
Apache Software Foundation Apache 2.2.2
Apache Software Foundation Apache 2.2 .0
Apache Software Foundation Apache 2.0.59
Apache Software Foundation Apache 2.0.56 -dev
Apache Software Foundation Apache 2.0.55
Apache Software Foundation Apache 2.0.54
+ Debian Linux 3.1 sparc
 + Debian Linux 3.1 s/390
 + Debian Linux 3.1 ppc
 + Debian Linux 3.1 mipsel
 + Debian Linux 3.1 mips
 + Debian Linux 3.1 m68k
 + Debian Linux 3.1 ia-64
 + Debian Linux 3.1 ia-32
 + Debian Linux 3.1 hppa
 + Debian Linux 3.1 arm
 + Debian Linux 3.1 amd64
 + Debian Linux 3.1 alpha
 + Debian Linux 3.1
Apache Software Foundation Apache 2.0.53
Apache Software Foundation Apache 2.0.52
Apache Software Foundation Apache 2.0.51
Apache Software Foundation Apache 2.0.50
Apache Software Foundation Apache 2.0.49
+ S.u.S.E. Linux Personal 9.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.48
+ MandrakeSoft Linux Mandrake 10.0 AMD64
 + MandrakeSoft Linux Mandrake 10.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.0 x86_64
 + S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
Apache Software Foundation Apache 2.0.47
Apache Software Foundation Apache 2.0.46
Apache Software Foundation Apache 2.0.45
Apache Software Foundation Apache 2.0.44
Apache Software Foundation Apache 2.0.43
Apache Software Foundation Apache 2.0.42
Apache Software Foundation Apache 2.0.41
Apache Software Foundation Apache 2.0.40
+ RedHat Linux 9.0 i386
 + RedHat Linux 8.0
+ Terra Soft Solutions Yellow Dog Linux 3.0
Apache Software Foundation Apache 2.0.39
Apache Software Foundation Apache 2.0.38
Apache Software Foundation Apache 2.0.37
Apache Software Foundation Apache 2.0.36
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.28 Beta
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0 a9
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.39
Apache Software Foundation Apache 1.3.37
Apache Software Foundation Apache 1.3.36
Apache Software Foundation Apache 1.3.34
Apache Software Foundation Apache 1.3.33
Apache Software Foundation Apache 1.3.32
+ Gentoo Linux 1.4
+ Gentoo Linux
Apache Software Foundation Apache 1.3.31
+ OpenPKG OpenPKG Current
 Apache Software Foundation Apache 1.3.29
+ Apple Mac OS X 10.3.5
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X Server 10.3.5
+ Apple Mac OS X Server 10.2.7
+ MandrakeSoft Linux Mandrake 10.0 AMD64
 + MandrakeSoft Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.0
Apache Software Foundation Apache 1.3.28
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 9.2 amd64
 + MandrakeSoft Linux Mandrake 9.2
+ OpenBSD OpenBSD 3.4
 + OpenPKG OpenPKG 1.3
Apache Software Foundation Apache 1.3.27
+ HP HP-UX (VVOS) 11.0 4
 + HP VirtualVault 4.6
+ HP VirtualVault 4.5
+ HP Webproxy 2.0
+ Immunix Immunix OS 7+
 + MandrakeSoft Linux Mandrake 9.1 ppc
 + MandrakeSoft Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.3
 + OpenPKG OpenPKG Current
 + RedHat Enterprise Linux AS 2.1 IA64
 + RedHat Enterprise Linux AS 2.1
 + RedHat Enterprise Linux ES 2.1 IA64
 + RedHat Enterprise Linux ES 2.1
 + RedHat Enterprise Linux WS 2.1 IA64
 + RedHat Enterprise Linux WS 2.1
 + RedHat Linux Advanced Work Station 2.1
+ SGI IRIX 6.5.19
Apache Software Foundation Apache 1.3.26
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + MandrakeSoft Corporate Server 2.1 x86_64
 + MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Apache Software Foundation Apache 1.3.24
Apache Software Foundation Apache 1.3.22
Apache Software Foundation Apache 1.3.20
- Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6a
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP3
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP2
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0 SP1
 - Microsoft Windows NT 4.0
 - Microsoft Windows NT 4.0
 Apache Software Foundation Apache 1.3.19
Apache Software Foundation Apache 1.3.17
Apache Software Foundation Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
+ MandrakeSoft Linux Mandrake 7.2
+ MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Single Network Firewall 7.2
+ SGI IRIX 6.5.11
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5
Apache Software Foundation Apache 1.3.12
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.9
Apache Software Foundation Apache 1.3.6
Apache Software Foundation Apache 1.3.4
Apache Software Foundation Apache 1.3.3
+ RedHat Linux 5.2 sparc
 + RedHat Linux 5.2 i386
 + RedHat Linux 5.2 alpha
 Apache Software Foundation Apache 1.3.1
Apache Software Foundation Apache 1.3
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.2.8
+ Apple Mac OS X 10.2.7
+ Apple Mac OS X 10.2.6
+ Apple Mac OS X 10.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.1.5
+ Apple Mac OS X 10.1.4
+ Apple Mac OS X 10.1.3
+ Apple Mac OS X 10.1.2
+ Apple Mac OS X 10.1.1
+ Apple Mac OS X 10.1
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.2.8
+ Apple Mac OS X Server 10.2.7
+ Apple Mac OS X Server 10.2.6
+ Apple Mac OS X Server 10.2.5
+ Apple Mac OS X Server 10.2.4
+ Apple Mac OS X Server 10.2.3
+ Apple Mac OS X Server 10.2.2
+ Apple Mac OS X Server 10.2.1
+ Apple Mac OS X Server 10.2
+ Apple Mac OS X Server 10.1.5
+ Apple Mac OS X Server 10.1.4
+ Apple Mac OS X Server 10.1.3
+ Apple Mac OS X Server 10.1.2
+ Apple Mac OS X Server 10.1.1
+ Apple Mac OS X Server 10.1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0
 Apache Software Foundation Apache 2.0.61-dev
Apache Software Foundation Apache 2.0.60-dev
Apache Software Foundation Apache 2.0.58
Apache Software Foundation Apache 1.3.35
Not Vulnerable: HP OpenVMS Secure Web Server 2.2
Apache Software Foundation Apache 2.2.7-dev
Apache Software Foundation Apache 2.0.62-dev
Apache Software Foundation Apache 1.3.40-dev


 

Privacy Statement
Copyright 2010, SecurityFocus