CVE-2008-2168 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
apache	http_server	-
apache	http_server	2.0
apache	http_server	2.0.9
apache	http_server	2.0.28
apache	http_server	2.0.28:beta
apache	http_server	2.0.32
apache	http_server	2.0.32:beta
apache	http_server	2.0.34:beta
apache	http_server	2.0.35
apache	http_server	2.0.36
apache	http_server	2.0.37
apache	http_server	2.0.38
apache	http_server	2.0.39
apache	http_server	2.0.40
apache	http_server	2.0.41
apache	http_server	2.0.42
apache	http_server	2.0.43
apache	http_server	2.0.44
apache	http_server	2.0.45
apache	http_server	2.0.46
apache	http_server	2.0.47
apache	http_server	2.0.48
apache	http_server	2.0.49
apache	http_server	2.0.50
apache	http_server	2.0.51
apache	http_server	2.0.52
apache	http_server	2.0.53
apache	http_server	2.0.54
apache	http_server	2.0.55
apache	http_server	2.0.56
apache	http_server	2.0.57
apache	http_server	2.0.58
apache	http_server	2.0.59
apache	http_server	2.0.60
apache	http_server	2.0.61
apache	http_server	2.1
apache	http_server	2.1.1
apache	http_server	2.1.2
apache	http_server	2.1.3
apache	http_server	2.1.4
apache	http_server	2.1.5
apache	http_server	2.1.6
apache	http_server	2.1.7
apache	http_server	2.1.8
apache	http_server	2.2
apache	http_server	2.2.1
apache	http_server	2.2.2
apache	http_server	2.2.3
apache	http_server	2.2.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

apache2

bullseye	2.4.62-1~deb11u1 fixed
bullseye (security)	2.4.62-1~deb11u2 fixed
bookworm	2.4.62-1~deb12u1 fixed
bookworm (security)	2.4.62-1~deb12u2 fixed
sid	2.4.62-3 fixed
trixie	2.4.62-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

apache2

intrepid	not-affected
hardy	not-affected
gutsy	Fixed 2.2.4-3ubuntu0.2 released
feisty	ignored
dapper	Fixed 2.0.55-4ubuntu2.4 released

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://secunia.com/advisories/31651

http://secunia.com/advisories/34219

http://secunia.com/advisories/35650

http://securityreason.com/securityalert/3889

http://www.securityfocus.com/archive/1/491862/100/0/threaded

http://www.securityfocus.com/archive/1/491901/100/0/threaded

http://www.securityfocus.com/archive/1/491930/100/0/threaded

http://www.securityfocus.com/archive/1/491967/100/0/threaded

http://www.securityfocus.com/bid/29112

http://www.ubuntu.com/usn/USN-731-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/42303

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5143

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://secunia.com/advisories/31651

http://secunia.com/advisories/34219

http://secunia.com/advisories/35650

http://securityreason.com/securityalert/3889

http://www.securityfocus.com/archive/1/491862/100/0/threaded

http://www.securityfocus.com/archive/1/491901/100/0/threaded

http://www.securityfocus.com/archive/1/491930/100/0/threaded

http://www.securityfocus.com/archive/1/491967/100/0/threaded

http://www.securityfocus.com/bid/29112

http://www.ubuntu.com/usn/USN-731-1

https://exchange.xforce.ibmcloud.com/vulnerabilities/42303

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5143