Apache HTTP Server 403 Error Cross-Site Scripting Vulnerability
Severity: MEDIUM
CVE Identifier: CVE-2008-2168
Advisory Date: JUL 21, 2015
DESCRIPTION
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1002562
Trend Micro Deep Security DPI Rule Name: 1002562 - Apache HTTP Server 403 Error Cross-Site Scripting Vulnerability
AFFECTED SOFTWARE AND VERSION
- apache http_server 2.0
- apache http_server 2.0.28
- apache http_server 2.0.32
- apache http_server 2.0.34